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(54) INTER-NETWORK COMMUNICATION METHOD AND SYSTEM 

(57)Abstract: 

PROBLEM TO BE SOLVED: To operate physically 
one server as if each closed area network had a 
server in the communication between a plurality of 
the closed area networks and a server side network. 
SOLUTION: In this communication method, when an 
access server AS has a point-to-point protocol PPP 
connection request from a terminal in a closed area 
network to a server, which PPP line in which closed 
area network is identified, a corresponding line is 
selected in an address space (Figure B) at a server 
side assigned in advance by PPP lines of closed area networks, an address of a terminal 
of the closed area network is made to correspond to the selected line (Figure A), address 
conversion is applied to a packet and the packet is sent to the server side network. The 
packet from the server side network is address converted by referring to the Figure A, 
which PPP line in which closed area network is recognized and the packet is sent to the 
line. 





rata* a 


tstms 
















FH^^aCI 290 


T KM *W 









* NOTICES * 



JP0 and INPIT are not responsible for any 
damages caused by the use of this translation. 

I.This document has been translated by computer. So the translation may not reflect the 
original precisely. 
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2.**** shows the word which can not be translated. 
3. In the drawings, any words are not translated. 



CLAIMS 



[Claim(s)] 

[Claim 1]In a method of communicating by connecting each of two or more user side 
networks, and the server side network using PPP (Point-to-Point Protocol), At the time 
of PPP connection establishment, attest an user side network to which the PPP circuit 
belongs, and in the server side network. . It can set to two or more address spaces 
beforehand assigned for every user side network, respectively. To an address chosen 
from an address space to a network and a PPP circuit which attested 
[ above-mentioned ]. Change an address of a packet from a PPP circuit of the user side 
network, send the packet to the server side network, and And the conversion address 
and an address before conversion, A conversion table with an user side network and a 
PPP circuit which were attested is memorized, An internetwork correspondence 
procedure sending an address of a packet from the server side network to a PPP circuit 
of an user side network which performs inverse transformation of the above-mentioned 
address translation, and corresponds with reference to the above-mentioned conversion 
table. 

[Claim 2]The internetwork correspondence procedure according to claim 1 changing a 
destination address of a packet from the above-mentioned user side network into an 
applicable address in the server side network in the case of the above-mentioned 
address translation. 

[Claim 3]The internetwork correspondence procedure according to claim 1 or 2 changing 
a port number to a server of a packet from the above-mentioned user side network into 
a port number peculiar to the user side network in the case of the above-mentioned 
address translation. 

[Claim 4]The internetwork correspondence procedure according to any one of claims 1 
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to 3 performing selection of the above-mentioned address dynamically or statically 
according to a utilization course of an user side network. 

[CI aim 5]The internetwork correspondence procedure according to any one of claims 1 
to 4 carrying out address translation of the packet from the PPP circuit with reference 
to the above-mentioned conversion table in the address after the above-mentioned PPP 
connection is established, and transmitting to the server side network. 
[Claim 6]In a method of communicating by connecting each of two or more user side 
networks, and the server side network using PPP (Point-to-Point Protocol), At the time 
of PPP connection establishment, an user side network to which the PPP circuit belongs 
is attested, Information which identifies VLAN used when using VLAN (VirtualLAN) 
beforehand assigned for every PPP circuit of each user side network, Add to a packet 
from a PPP circuit of an user side network attested [ above-mentioned ], and it sends to 
the server side network, An internetwork correspondence procedure sending the packet 
to a PPP circuit of an user side network for which it asked from information which 
identifies VLAN of a packet from the server side network. 

[Claim 7]In a method of communicating by connecting each of the multiple user side 
network, and the server side network using PPP (Point-to-Point Protocol), At the time 
of PPP connection establishment, an user side network to which the PPP circuit belongs 
is attested, Information which identifies VLAN used when using VLAN (Virtual LAN) 
beforehand assigned for every user side network, Add to a packet from a PPP circuit of 
an user side network attested [ above-mentioned ], and it sends to the server side 
network, And a conversion table of information and a PPP circuit which identify an 
address and VLAN of the packet is memorized, An internetwork correspondence 
procedure asking for a PPP circuit with reference to the above-mentioned conversion 
table from information which identifies VLAN of a packet from the server side network, 
and an address, and sending the packet to the PPP circuit of an user side network. 
[Claim 8]An access server device formed between the server side networks connected 
by two or more user side networks and PPP (Point-to-Point Protocol), comprising: 
An address space quota table which memorizes an address space assigned for every PPP 
circuit of each user side network. 
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A means which attests to which PPP circuit of which user side network a terminal to 
connect belongs. 

An address translation means to change an address of a packet from the 
above-mentioned PPP circuit into one address currently assigned on the 
above-mentioned address space quota table, and to send the packet to it to a PPP 
circuit of an user side network attested [ above-mentioned ] in the server side network. 
A conversion address memory measure which memorizes relation between an address by 
which address translation was carried out [ above-mentioned ], and an address before 
conversion, An address inverse transformation means to send the packet to a PPP 
circuit of an user side network which changes an address of a packet from the server 
side network with reference to the above-mentioned conversion address memory 
measure, and corresponds with reference to the above-mentioned table. 

[Claim 9]The access server device according to claim 8 provided with a means to carry 
out address translation of the packet from a PPP circuit of an user side network with 
reference to the above-mentioned conversion address memory measure with the 
address, and to send it to the server side network. 

[Claim 10]The access server device according to claim 8 or 9, wherein the 
above-mentioned address translation means is provided with a means to change a 
destination address of a packet into an address with which the server side network 
corresponds. 

[Claim 1 1]The access server device according to any one of claims 8 to 10, wherein the 
above-mentioned address translation means is provided also with a means to change a 
port number to a server in a packet into a port number peculiar to the user side network. 
[Claim 12]An access server device formed between the server side networks connected 
by two or more user side networks and PPP (Point-to-Point Protocol), comprising: 
A VLAN identification information table which memorized a relation with information 
which identifies VLAN used when using a PPP circuit and VLAN (Virtual LAN) of an user 
side network. 

A means which attests to which user side network the PPP circuit belongs at the time of 
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PPP connection establishment. 

A means to search for information which discriminates corresponding VLAN from a PPP 
circuit of an user side network attested [ above-mentioned ] with reference to the 
above-mentioned table, to add it to a packet from the above-mentioned PPP circuit, and 
to send it to the server side network. 

A means to send a packet from the server side network to a PPP circuit of an user side 
network corresponding with reference to the above-mentioned table from information 
which identifies the VLAN. 

[Claim 13]An access server device formed between the server side networks connected 
by two or more user side networks and PPP (Point-to-Point Protocol), comprising: 
A VLAN identification information table which memorized a relation with information 
which identifies VLAN used when using an user side network and VLAN (Virtual LAN). 
A means to attest to which user side network the PPP circuit belongs at the time of PPP 
connection establishment. 

A means which searches for information which discriminates corresponding VLAN from 
the user side network attested [ above-mentioned ] with reference to the 
above-mentioned table, is added to a packet from the above-mentioned PPP circuit, and 
is sent to the server side network. 

A means to remember a conversion table of information and the above-mentioned PPP 
circuit which identify the above-mentioned VLAN to be an address of the 
above-mentioned packet, A means to send a packet from the server side network to a 
PPP circuit of an user side network corresponding with reference to the 
above-mentioned table and the above-mentioned conversion table from information and 
an address which identify the VLAN. 



[Translation done.] 
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DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention]Offer of the hosting service (service lent out to each user side 
network) of several networks which are different in this invention, especially the 
extranet-oriented shared server which performs communication between closed 
networks, The information in which the server on these user side networks (closed 
network) has public services, such as ticket reservation service, is incorporated. 
Therefore, it is related with an information distribution correspondence procedure 
including an electronic commerce, such as providing safely the service (the needs of 
each user side network were embraced) customized per user side network (closed 
network), and its device. 

[0002] 

[Description of the Prior Art]The Internet is begun today, and the closed network is built, 
in order for network use to spread widely, and to hold down the communication cost in a 
company at a low price and to perform it safely in many companies. In this construction, 
it curses not only using a dedicated line but using ATM and FR (Frame Relay), and is 
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carrying out using IP (Internet Protocol) tunneling. When a business manager etc. 
connect with these closed networks from a place where one has gone, L2TP (Layer2 
tunneling Protocol) which is PPP (Point-to-Point Protocol) and its extension is used. 
Communication between closed networks will increase from now on, the common server 
used with two or more closed networks is provided, without losing the closed **** of a 
self-closed network, or the use which customizes public service of ticket reservation 
service etc. combining the information which the server on each closed network has 
increases. Although there is the method of preparing the server which provides service 
on each closed network as a realization method of this, this has a heavy burden of the 
side which cost starts and prepares a server. Then, although it is one set of a server 
physically, from each closed network, it seems that a separate server exists respectively 
and construction of the virtual private server which can provide the customized service 
for secure (safe) one is considered. 

[0003]Now, in construction of closed networks, such as a company, the method of giving 
a global address dynamically [ only when using a local address or connecting with the 
exteriors, such as the Internet, ], and communicating with the exterior because of 
shortage of the IP address by the rapid spread of network, is taken, however./especially 
connected only at the time of necessities, such as a moving terminal, since the same 
address is not necessarily given at the time of next connection when giving an address 
dynamically — when the connection itself is unstable, it is more necessary to give an 
address statically. In the situation of giving an address dynamically, since the connection 
establishment from the server side to a specific terminal is difficult, a local address is 
statically given in many cases at the time of network construction. When the service 
provision to the closed network currently physically built in this way by one set of a 
server is considered, (1) The collision of the address space between the closed networks 
which are making prevention and (2) connection, such as unjust connection through the 
server side network, and solution of three problems of the connection establishment to 
the specific terminal which includes a moving terminal from (3) servers are needed. 
[0004]The PPP tunneling art represented by construction of this server at L2TP (Layer2 
tunneling Protocol) of the existing art, It can be said that it is the art with two useful 

- 7 - 



kinds of the address translation art represented by NAT (Network Address Translator). 
First, connection with its own closed network is always attained, without a moving 
terminal being restrained by PPP tunneling art at time and a place, and use of a closed 
network is attained as if it existed in the closed network. As shown in drawing 22 , the 
closed networks A and B are made possible [ the server side network and connection ] 
via the Internet/public network, The address in each local address space A and B is 
given to the host (it is also called a terminal) belonging to each closed networks A and B, 
Through the access server between nets of the closed network with which it belongs 
(AS), each host connects with the access server between nets of the server side 
network using PPP tunneling, and a server and connection of him are enabled. By this 
composition, by carrying out tunneling of the PPP connection to the server side, as it 
has connected with the server belonging to its own closed network, it can be shown as a 
terminal. It becomes possible for this to maintain closed **** which a closed network 
has, or to use the local address currently assigned with the closed network as it is. 
However, since a local address is freely assigned to a terminal in (1) closed network, the 
case where the terminal belonging to several different closed networks has the same 
address arises, and a collision is not avoided in this case. Therefore, if it sees from the 
server side network of a connection destination, it will occur that two or more terminals 
with the same address exist, and it cannot be recognized correctly with which terminal it 
is communicating at this time. 

[0005](2) It is necessary to carry out the address which shows a server in common with 
each closed network, and the large change to the existing equipment may be needed. 
(3) When an address is dynamically assigned from the server side at the time of the 
connection establishment from a terminal, Which address is assigned to the terminal 
connected to a network if needed like a moving terminal, or are unknown, There is a 
problem that there is possibility of unlawful access generating over the closed region 
side, via the network by the side of (4) servers which cannot provide service called the 
distribute information from the server side which is useful service, and no solution of 
technical problems can be performed. 

[0006]In order for the user terminal given the local address linked to a closed network to 
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perform communication with the server to which the global address on the Internet was 
given, the user terminal itself needs to have a global address. However, as mentioned 
above, since global addresses run short, they are assigning the local address statically to 
the terminal in many cases. By NAT (network address translation) art, at this time, as 
shown in drawing 23 , perform communication in a closed network using a local address, 
and for communication with the WWW server on the Internet. It communicates possible 
by assigning the global address pooled beforehand dynamically to the device which can 
use NAT provided in the boundary between nets. However, in order that this NAT may 
make connection between hosts (terminal) from a local address, a global address, and 
correspondence ****** / address by the group of a port number dynamically, Since the 
connection between a host and a server is recognized dynamically, service of push types 
(with no connection establishment demand from a terminal), such as distribute 
information from the server side with the global address to the terminal which assigned 
the local address once connection cuts statically, (1) An impossibility, (2) Since a server 
cannot attest every closed network (discernment), Since providing the service 
everywhere customized for every group terminal and information has connected the 
portions of difficulty and (3) NAT to a global address space, there is a problem of the 
possibility of unlawful access, and no solution of the problems in server construction can 
be performed. 

[0007]To what is considered that the NAT art itself is available to the construction of a 
server which it is extended and used in various forms and is made into the technical 
problem on these specifications. There are NAT art which cooperated with PPP, and NAT 
art by Cisco which can change the both sides of the source address of a packet and a 
destination address by setting out. In NAT which cooperated with PPP, an NAT function 
is performed in communication with global IP networks, such as the external Internet, via 
a PPP circuit using the global IP address began to wave from a server after establishing 
PPP connection between servers. That is, NAT of the established PPP circuit unit is 
possible. Construction of the server of a technical problem is considered using this art. If 
this art is introduced into the device by the side of a server, since NAT can be performed 
for every PPP circuit, it can perform easily customizing the service used per closed 
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network, or changing the server to be used in each closed network unit. However, 
considering realization by one set of a server, there is the following problem. 
[0008] 

[Problern(s) to be Solved by the Invention](1 ) Since the closed network of the user 
equivalent to a client and the network by the side of a server are connected by PPP 
connection, in connection of the closed networks built by the local address, the collision 
of an address space will arise like the case where PPP tunneling art is used. The server 
which received the packet which arrived from the host of the closed network equivalent 
to a client when this art was especially introduced into the server side, It cannot be 
identified whether the packet came from the host of which closed network by duplication 
of the address part which shows the host of a closed network, and a packet cannot be 
sent out to a surely applicable host. 

[0009](2) Since the address which two or more servers by the side of a server have to 
the address since NAT is performed to the address began to wave at the time of PPP 
connection establishment is mapped, connection with a specific server is unestablishable 
among two or more servers [ host / of a user's closed network ]. In order to be 
established, a PPP circuit is established according to the number of servers to use, and 
it is needed to make one address of a server correspond to the address on which PPP 
decides. 

[0010](3) Although it changes to the address which shows a server, if the address after 
conversion becomes the same as that of the address which shows the host of a closed 
network, it cannot communicate correctly. Therefore, it is necessary to make it the 
address which the host of each closed network uses, and the address of the server of 
the server side network not lap, and investigates what kind of local address is used with 
each closed network, and in order to decide the address of the server side network, it 
takes great time and effort and time. 

[0011]The NAT art which the said problem cannot be and solve and which Cisco 
developed, Unlike NAT defined by RFC1631, to the target both sides of the source 
address of a packet, and a destination address, address translation is possible and using 
the address translation table by static/dynamic assignment of an address Cooperation 
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with the application layer, The flexible operation which creates the address translation 
table used for NAT especially by cooperation with DNS (Domain Name System) is 
possible. According to such a feature, connection establishment to the host on the 
closed network built by the local address connected behind the NAT device from the 
server on the Internet with the difficult global address, etc. is also made possible with 
the conventional NAT art. Closed **** which a closed network has by canceling a packet 
when there is no address which shows the host of the exterior of a packet who received 
in an address conversion table, or restricting the address notified to an external network 
etc. can also be maintained. If the server considered on these specifications using this 
art is built, in order that in the case of the closed network built by the local address the 
(1) server side network may also avoid the collision of an address space and may 
communicate with the host besides closed networks, such as a server on the Internet, 
both networks will perform NAT. At this time, since the host of a connection destination 
cannot be specified unless the global address used for communicating between closed 
networks at NAT and the local address which a host has are made at least 1 to 1 
correspondence, it is useless for communication being impossible. In this case, it not 
only cannot perform connection with the host of a closed network from the server side, 
but when two or more servers exist, it cannot perform connection with a specific server 
for the above-mentioned reason. 

[0012]There is a said problem and all cannot be solved. Thus, when the existing art is 
used, all the problems produced in the server construction described on these 
specifications cannot be solved. 
[0013] 

[Means for Solving the Problem]Two or more user side networks (an user side network is 
henceforth explained as a closed network) which a user uses also in the 1st invention of 
the 1st invention and the 2nd invention make connection by PPP (Point-to-Point 
Protocol) to a network by the side of a server. Connection origin which has performed 
PPP connection in attestation at the time of this PPP connection establishment in 
addition to the conventional user's attestation attests which PPP circuit of which closed 
network. According to the 1st invention, by the result, connected PPP connection 



matches with each PPP circuit information which shows which PPP circuit of which 
closed network it is. And an address of the server side network assigned to a PPP circuit 
applicable as a key in this information, A port number according to service of a server 
which was decided per closed network if needed and to be used is used, A port number is 
changed both [ a network address and if needed ] for sauce and a destination to a packet 
left from / which comes into the server side network through a PPP circuit. 
[0014]In this 1st invention, in the server side network, an address space is uniquely 
assigned to each closed network unit, and flexible use by a plan of that closed network 
unit is performed. An address space prepared for each closed network in the server side 
network is assigned by the following plan. An address space is first assigned statically 
per PPP circuit. This address space is made to assign per subnet. The amount of static 
assignment may not be. In that case, all are dynamically assigned to a PPP circuit per 
subnet. And it shall assign dynamically a PPP circuit using LCP (setting protocol) of PPP, 
etc. to a PPP circuit which has consumed an address space assigned when there was 
space which remained. Dynamically, a part for necessity may be sufficient as a size of an 
address space assigned dynamically, it may determine a fixed size by a negotiation, and 
can choose it as freedom, such as enlarging a size gradually with a certain algorithm. 
When a PPP circuit is assigned dynamically, a packet to a terminal by the side of [ the 
server side to ] a closed network can be sent out to a suitable PPP circuit by managing 
which address space was assigned to which PPP circuit of the closed network. 
[0015]Thus, since operations including assignment are independently required per closed 
network, evasion of a problem by collision of an address space of a closed network to 
connect and connection with a specific terminal are enabled. By the closed network side 
closed **** which conversion of an address is performed by the server side, control 
about connection can be easily performed in the server side, and each closed network 
has is not only maintainable, but connected: It is possible to give an address to a server 
used freely from an address space of a self-closed network, and a setting variation of a 
network by which it is accompanied at the time of introduction can be suppressed to the 
minimum. Hereafter, this address conversion method is called route side NAT (the 
following, Root-side NAT, or RNAT). 
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A user's closed network with which the circuit belongs like the 1st invention of the 2nd 
invention at the time of PPP connection establishment attests either. And information 
which identifies VLAN used when it uses sufficient VLAN (Virtual LAN) for which PPP 
circuit of which closed network it is to be discriminable for a PPP circuit, after ending 
attestation of a closed network of affiliation at the time of PPP connection 
establishment is matched. And a packet from that PPP circuit is carried to a server to be 
used with VLAN constructing technique, such as switching, based on information which 
identifies this VLAN. And OS which carries out various processing to an information unit 
which identifies each VLAN in one set of a server is operated, and the above-mentioned 
server is realized. 

[0016]When it matches information which identifies sufficient VLAN to identify a closed 
network in a PPP circuit, an address of a host of a closed network shown in a PPP circuit 
which received a packet, and its packet is matched. This matching is carried out to an 
information unit which identifies VLAN. Thereby, an above-mentioned server can be 
easily built and used by control of the server side network using information which 
identifies VLAN, without adding change to a user's network. By an authentication result 
about this closed network that belongs, a method of assigning information which 
identifies VLAN which can identify a closed network at least is hereafter called VNAT to 
an established PPP circuit. 
[0017] 

[Embodiment of the Invention]the 1 st shot ** — an embodiment is first described about 
the 1st invention. It is assumed that it is considered as the system configuration shown 
in drawing 1 now. That is, the closed network A, B, and C is connected with the 
Internet/public network via access server AS, respectively, and the server side network 
is connected with the Internet/public network via access server R-NAT with a Root-side 
NAT function by this invention. The address is assigned as the closed networks A and B 
are shown in drawing 2 A to each host (terminal). That is, in the address space which the 
closed network A has, it is assumed to the address 1 and the host 2 that the address 100 
is assigned to the address 2 and the host 3 at the address 3 and Server to be used at the 
host 1. Server is one of the hosts who have set to the network by the side of a server, 
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and, as for this Server, the address 1 is given in the network by the side of a server. As 
the network by the side of a server is shown in drawing 2 B, the respectively peculiar 
address space is prepared to the closed networks A and B. The address groups 101-300 
are prepared for the terminals connected from the closed network A, The address groups 
201-250 are assigned to the terminals which connect the address groups 101-200 to the 
terminals connected before long from the PPP circuit 1 which the host 1 and the host 3 
use from the PPP circuit 2 which the host 2 uses, respectively. And the remaining 
address groups 251-300 are dynamically assigned if needed to the PPP circuits 1 and 2, 
when the above-mentioned assignment is used up. In the address space which the closed 
network B has, the address 150 is respectively assigned to the address 11 and the host 
5 at the address 22 and Server to be used at the host 4. The address groups 301-350 are 
prepared for the terminals connected from the closed network B in the network by the 
side of a server, and the terminal of the closed network B is statically assigned before 
long to the PPP circuit established directly to the address groups 301-310. 31 1-350 
shall be assigned to the PPP circuit 1, and shall assign the host using this PPP circuit 
dynamically at the time of server connection. Thus, an address space is pooled in each 
closed network unit in the network by the side of a server, an address space is assigned 
to a PPP circuit according to the utilization course of a closed network, and the host 
using a PPP circuit further applicable from there is flexibly assigned including static and 

[0018]PPP connection of between access server AS set to each closed network and 
device R-NAT with the function of Root-side NAT is carried out. The terminal of a 
closed network performs the device (R-NAT) with a Root-side NAT function and PPP 
connection which used the server using this PPP connection, or were directly set to the 
server side using PPP tunneling, and uses a server. 

[0019]Then, it is this Root-side NAT that is made available in two or more closed 
networks without showing one set of a server virtually physically on the network by the 
side of a server so that it may exist in each closed network respectively, and losing the 
closed **** of each closed network. This Root-side NAT is faced assigning the address 
prepared beforehand for every closed network by the server side, It is attested to which 
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PPP circuit of which closed network not only the conventional attestation about the host 
that it is whether the terminal which is demanding connection at the time of PPP 
connection establishment with a closed network is the right but the terminal to connect 
belongs. An address is dynamically assigned to a terminal from the address space 
prepared per PPP circuit in the thing applicable when the address is statically assigned 
by the terminal based on this result out of the address group beforehand prepared for 
the PPP circuit of that closed network when that was not right. 

[0020]In drawing 1 , when the host 1 has connected and the PPP circuit has not been 
established yet, establishment of a PPP circuit begins from used AS (access server), and 
it attests that this PPP circuit is the PPP circuit 1 from the closed network A at this 
time. And an address is dynamically assigned to a host from the address space pooled for 
the PPP circuits 1 of this closed network A. Since in this case the address space 
101-200 is given to the PPP circuit 1 as shown in drawing 2 B, and it gives dynamically 
from this space, the address 101 which is not used is assigned to the host 1 in the server 
side network. That is, the address 1 given by RNAT with the closed network A about the 
packet from the PPP circuit 1 of the closed network A will be changed into the address 
101 . As this relation shows drawing 2 A, it memorizes as a table. Then, if a packet comes 
from the host 1 through the PPP circuit 1 of the closed network A, with reference to the 
table of drawing 2 A, it will be changed into the address 1 01 of the server side network by 
the address 1. Similarly, when the packet from the host 3 comes, the address 102 which 
is not used is dynamically assigned to the host 3 from the same address space because 
it is from the PPP circuit 1, and the address 3 which the host 3 has by RNAT is changed 
into the address 102. Since the PPP circuit 2 which is another PPP circuit is used when 
the host 2 connects with a server, It will assign from the address space 201-250 
prepared for the PPP circuits 2, the address 220 which is not used is assigned in the 
network by the side of a server, and the address 2 is changed into the address 220 by 
RNAT. 

[0021]The host 4 is doing PPP connection to the device by the side of a server directly 
using PPP tunneling, establishment of a PPP circuit starts, and it is attested by the same 
attestation at this time that this PPP circuit is the PPP circuit 2 from the closed 
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network B. And since the address 301 is statically assigned to the PPP circuit 2 of this 
closed network B, the address 1 1 which the host 4 has by RNAT will be changed into the 
address 301 in the server side network. When the host 5 connects with a server, it is 
attested that the PPP circuit to be used is the PPP circuit 1 of the closed network B, 
and the address which is not used from the address space 31 1-350 prepared for the PPP 
circuit 1 is dynamically assigned to the host 5. This time, the address 311 is assigned. 
The packet to a server is changed into the address 31 1 from the host 5 to the address 22 
which the host 5 has by RNAT. 

[0022]Conversion to the address which also assigned the address of Server specified as 
the connection destination to Server in the network by the side of a server is performed. 
This time, about the closed network A, the address 1 50 of Server will be changed into the 
address 1 for the address 100 of Server to the address 1 about the closed network B. 
Although restriction of the service based on the address assigned per closed network to 
be used is also possible, service provision of a closed network unit is physically made 
possible by one set of a server with the port number of a server by deciding the port 
number of the server used per closed network. This time, the service closed-network A 
Turned in Server is port number A, and suppose that the service to closed-network B 
Turn is provided by port number B. 

[0023jRoot-side NAT performs the sauce of a packet, the network address of both 
destination, and conversion of a port number under management by the side of a server 
based on matching and the port number of this address. When the host 1 uses WWW 
Server (port number 80) of Server, conversion operation as shows drawing 3 t he host's 1 
packet by RNAT will actually be performed. Drawing 3 A shows the packet from the host 
1 to a server, and drawing 3 B shows conversion by each R-NAT of the packet from a 
server to the host 1. 

[0024]That is, when the address translation portion in Root-side NAT is summarized, it 
comes to be shown in drawing 4 . In this figure, the address group by which NetA was 
prepared for the address group of the network with which Server exists in the address 
space of the network by the side of a server, and each closed networks [ in / in NetB / 
the address space of the network by the side of a server ] is summarized. The address 
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group prepared for each closed networks as shown in drawing 5 A terminal. Or it is 
statically assigned to each PPP circuit linked to a network, and when the space currently 
assigned statically stops being sufficient, the remaining space is used in order to assign 
dynamically according to a demand to the PPP circuit which run short. A packet can be 
sent out to a suitable PPP circuit by managing which PPP circuit the space assigned 
dynamically was assigned at the time of assignment. Thus, the space prepared for the 
server side network can choose the plan of use of the closed network which is a user of 
each space. Matching the address of the terminal in each closed network with the 
address beforehand prepared for the server side for every closed network respectively 
Compaction (Compaction) conversion, It carries out changing into the address of the 
server in the network by the side of a server the address of Server assigned in each 
closed network to calling it merge (Merge) conversion. Reverse Compaction conversion 
is discriminated from the address assigned by the terminal with reference to drawing 2 A 
and B for which PPP circuit of which closed network it is, and is changed into the 
address of the terminal in the closed network. Reverse Merge conversion changes the 
address of a server into the address of the server in a closed network from the 
information on the terminal belonging to which closed network obtained from reverse 
Compaction conversion with reference to drawing 2 A. And a packet is sent out to the 
suitable PPP circuit of a suitable closed network by discernment of which PPP circuit of 
which closed network. At this time, the above-mentioned conversion is performed to the 
sauce and the destination address of the packet from a terminal to a server, and the 
packet from a server to a terminal, as shown in drawing 6 . It changes into the port 
number used in the closed network from the port number decided per closed network in 
the server side network also about the port number of the used server. 
[0025]The address space given for every closed network of this, Since it assigns as a 
result of the attestation about the closed network which belongs, since it is attested, 
which closed network each address is is forbidding connection between the addresses of 
this different closed network by the server side, it will forbid communication between 
closed networks as a result, and can secure closed **** which a closed network has. It 
becomes possible to customize the service provided by carrying out based on this 



address space assigned to each closed network, or deciding the port number which can 
be used in a server to each closed network for every closed network. The feature of 
conventional technology and the 1st invention (route side NAT) is summarized to drawing 
7, and is shown. 

The system configuration to which the 2nd invention of the 2nd invention is applied is 
shown in drawing 8 . The closed networks A and B are connected with the Internet/public 
network via access server A5, respectively, and the server side network is connected 
with the Internet/public network via the access server VNAT with a VNAT function. In 
the access server VNAT with a VNAT function, as shown in drawing 9 , a VLAN tag is 
assigned to each PPP circuit of each closed network. Hereafter, change by this 
assignment is called VNAT. Access server AS set to each closed network performs PPP 
connection to the access server VNAT with the VNAT function which the server side 
network has. 

[0026]VLAN1-x is assigned as the information which identifies VLAN used when they use 
VLAN which shows the closed network A, since the hosts 1, 2, and 3 are all hosts of the 
closed network A, for example, a VLAN tag. Next, in order to identify two or more PPP 
circuits from the same closed network, the child number x is assigned. The hosts 1 and 3 
are coming from the same PPP circuit 1, and VLAN1-1 is matched with the PPP circuit 
1 as a VLAN tag. Since the host 2 has connected using the PPP circuit 2 of the closed 
network A, he is matched with the PPP circuit 2 to which VLAN1-2 corresponds as a 
VLAN tag. Similarly, since the hosts 4 and 5 are hosts belonging to the closed network B, 
VLAN2-X will be assigned as a VLAN tag in which the closed network B is shown. In order 
to identify a PPP circuit like the case of the closed network A, VLAN2-2 is assigned to 
the host 4 and VLAN2-1 is assigned to the host 5. 

[0027]This VLAN tag is embedded at the packet received from the closed network based 
on assignment of a VLAN tag in the device VNAT which has a VNAT function as shown in 
drawing 10 . And this packet is carried by the existing VLAN art, such as IEEE802.10 and 
a switching function of VLAN correspondence, based on this VLAN tag to Server. As 
shown in drawing 1 1 , in order to perform separate processing for every VLAN tag, Server 
which receives a packet is changed so that two or more OS's can operate, and it is made 
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for one OS to operate to the VLAN tag of the unit which can identify a closed network. 
That is, two or more OS's are made to operate in one machine in the condition said in 
OS2 for performing processing about OS1 for performing processing about the tag of 
VLAN1-X, and the tag of VLAN2-X. In the network by the side of a server, since delivery 
of a packet is performed based on a VLAN tag and virtual closed networks including the 
server on the network by the side of a server can be built, it is not necessary to change 
at all by the server side about the address of a packet. Thus, a virtual private server can 
be built, without losing closed **** which a closed network has under management by 
the side of a server in operating OS for every VLAN tag in one set of a server. 
The modification of the 2nd invention of modification of the 2nd invention is shown below. 
Since the hosts 1, 2, and 3 are all hosts of the closed network A, VLAN1 is assigned as 
a VLAN tag in which the closed network A is shown. Next, when two or more PPP circuits 
from the same closed network are established, the address and PPP circuit which show 
a host are matched so that the packet addressed to the host can be returned to the PPP 
circuit which received the packet. The hosts 1 and 3 are coming from the same PPP 
circuit 1, and each address is matched with the PPP circuit 1. Since the host 2 has 
connected using the PPP circuit 2 of the closed network A, VLAN1 is assigned as a 
VLAN tag, but the host's 2 address 2 is matched with the PPP circuit 2. 
[0028]Similarly, since the hosts 4 and 5 are hosts belonging to the closed network B, 
VLAN2 will be assigned as a VLAN tag in which the closed network B is shown. In order 
to return a packet to the PPP circuit similarly thought to be a case of the closed network 
A, a host's address and PPP circuit are matched. In this case, the host's 5 address is 
matched with the PPP circuit 2 for the host's 4 address by the PPP circuit 1. since 
matching of the address of this PPP circuit and a host is performed per VLAN tag as 

shown in drawing 12 — VLAN1 and VLAN2 matching is performed independently 

respectively. By reference, matching about VLAN1 serves as the following. The newest 
connection times in this matching can also be doubled and managed, and security can 
also be raised by providing timeout etc. In the device which is performing this VNAT 
conversion if the packet from a server is received, The conversion table which uses as a 
key the VLAN tag currently embedded at the packet, and searches it first is decided, and 
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the PPP circuit which should search and send out a conversion table is investigated by 
using as a key the destination address (a host's address) currently embedded next at the 
packet. The result can send out to the PPP circuit which received the packet. 
As an example using the virtual private server which becomes possible by the method of 
an invention of it states using the example of the procurement service for two 

or more contractors. In order to act as the company A for supply of the company 1, to 
carry out a supply request to B respectively and to choose this time the one where 
either is better, it is an example in the case where it is necessary among companies 
registration of data, and to exchange and suit. 

It is assumed that it is network composition as shown in example drawing 13 of the 1st 
invention . The closed networks A and B and 1 are connected with the Internet by access 
server AS1, AS2, and AS3, respectively, An ISDN network is connected with the Internet 
by access server AS4, and the server side network is connected with the Internet by 
access server R-NAT with a route side NAT function. As device R-NAT with a route side 
NAT function is shown in drawing 14 , the conversion table of an address is created and it 
operates. How to make a conversion table is mentioned later. Here, the closed network N 
shall mean the closed network which the company N has. PPP connection of between 
device R-NAT with a route side NAT function set to the network of the server network, 
and access server AS1 placed by each closed network, AS2 and AS3 is carried out using 
tunneling. It can connect with access server AS4 using ISDN etc., and the host who 
belongs to a closed network via this can also perform device R-NAT and PPP connection 
in the direct server side network. 

[0029]As shown in drawing 12 f rom the address space which the closed network which 
belongs has, the address is respectively assigned to the host of each closed network. In 
order to use the function of this Root-side NAT, in the network by the side of a server, 
the address space is pooled for each closed network. In this example, an exhaust air 
address expresses in the closed network A, the address space of the 10.10.1.0 subnet 
masks 255.255.255.0 is prepared, and an address is assigned to the terminal connected 
from the closed network A from this space. Similarly the address space of the 10.10.2.0 
subnet masks 255.255.255.0 is prepared for the closed network B, The address space of 
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the 10.10.1 1 .0 subnet masks 255.255.255.0 is prepared for the closed network 1 from this 
space at the terminal connected from the closed network B, and an address is assigned 
to the terminal connected from the closed network 1 from this space. 
[0030]In the closed network A, the host 1 presupposes 10.0.1.13 and the host 2 that 
1 0.1 .1 .1 is assigned to 1 0.0.3.20 and WWW Server to be used. Actually, WWW Server is set 
to the network by the side of a server, and this WWW Server provides service in the 
network by the side of a server to the terminal which 1 0.1 00.1 0.1 is assigned and belongs 
to several different closed networks. The inside of the address space 10.10.1.0 subnet 
mask 255.255.255.0 currently assigned to the closed network A in the network by the 
side of a server, The 10.10.1.0 subnet masks 255.255.255.192 are assigned to the PPP 
circuit 1, and the 10.10.1.64 subnet masks 255.255.255.192 are assigned to the PPP 
circuit 2. And in order to assign the space 10.10.1.128 remaining subnet masks 
255.255.255.128 to the PPP circuit dynamically demanded per subnetwork according to 
the demand from the PPP circuits 1 and 2, there are [ for ]. When the terminal of the 
closed network A uses WWW Server, it is set up in the network by the side of a server 
develop the service for closed network A with the port number No. 8080. 
[0031]Now, when the host 1 uses WWW Server, the PPP circuit 1 established from the 
access server 1 (the following, AST) is used. When the PPP circuit 1 is not established 
between AS1 and AS with a Root-side NAT function by the side of a server (henceforth, 
RNAT device), PPP connection is established first. At this time, it is attested which PPP 
circuit of not only a host's attestation but which closed network it is. In this case, it is 
attested that it is the PPP circuit 1 of the closed network A. Next, it is confirmed 
whether there is any address which is not used for the address space currently assigned 
to the PPP circuits 1 of the closed network A in the server side network. It supposes 
that there is an address which is not used in this case, and 10.10.1.15 is dynamically 
assigned to the host 1 from the space. In [ when all the space for PPP circuit 1 is already 
used, AS1 requires the address space of a required part using LCP of PPP, etc., and ] a 
RNAT device according to this, In order [ which the closed network A has ] to assign 
dynamically, a part granted a permission will newly be assigned among demands to two or 
more PPP circuits 1 from the space 10.10.1.128 subnet mask 255.255.255.128 currently 
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prepared, and an address will be dynamically assigned to the host 1 out of it. At this time, 
it manages with a RNAT device which PPP circuit the space to assign assigned, and, 
thereby, a packet can be sent out to a suitable PPP circuit. The amount of [ which a 
required part of the subnet unit was assigned, and also was decided ] fixed subnet space 
may assign dynamically, and it may enlarge subnet space as a unit gradually. 
[0032]In the closed network A, an address is 10.0.3.20, and the host 2 connects with a 
server using the PPP circuit 2 established between ASI and a RNAT device. It is attested 
like the case where the host 1 connects, at the time of this PPP connection 
establishment that this PPP circuit is the PPP circuit 2 belonging to the closed network 
A. And the address which is not used from the space 10.10.1.64 subnet mask 
255.255.255.192 prepared for the PPP circuits 2 of the closed network A is searched, 
and the host 2 is assigned. This time, 10.10.1 .100 is dynamically assigned to the host 2. If 
all the space prepared beforehand is used, an address space will be dynamically assigned 
to the PPP circuit 2 like the time of being the host 1, and the host 2 will be dynamically 
assigned from the space. Thus, an address is assigned to the host who has connected in 
the network by the side of a server, and an address translation table required for a RNAT 
function is made. 

[0033]ln a RNAT device, the source address of a packet is changed into 10.10.1.15 from 
10.0.1.13, and the case to WWW Server changes a destination address into 10.100.10.1 
from the host 1 from 10.1.1.1. In order to use WWW Server, the host 1 advances a 
utilization request to the port number 80 of a server, but. A port number is also changed 
into the port number 8080 of the server which provides the service for closed network A 
in a RNAT device, it is correctly sent to a server by routing of the after-conversion 
server side network, and use of the service to closed-network A Turn is performed. 
[0034]Conversely, the packet from WWW Server to the host 1, His being the host 1 who 
belongs a destination address to the closed network A from 10.10.1.15, and the thing 
which are established from AS1 and which is the packets to turn PPP circuit 1 are 
identified, and an address is changed into 10.0.1.13. Next, the host 1 changes a source 
address into 10.1.1.1 from the information that it belongs to the closed network A, from 
10.100.10.1. And a port number is also changed into the port number 80 specified as the 
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packet which the host has sent from 8080. A packet is sent out to the PPP circuit 1 of 
the closed network A which is a suitable PPP circuit using the information based on the 
destination address which the received packet has after this conversion. 
[0035]Similarly, the case of the closed network B is described. In the closed network B, 
the host 3 presupposes 10.0.1.30 and the host 4 that 10.10.15.1 is assigned to 10.0.1.14 
and WWW Server to be used. Actually, WWW Server is set to the network by the side of 
a server, and 10.100.10.1 is assigned to this WWW Server in the network by the side of a 
server like the above-mentioned. In the network by the side of a server, the address 
space currently assigned to the closed network B, Are the 10.10.2.0 subnet masks 
255.255.255.0 and in the closed network B. Use in which the terminal itself carries out 
PPP connection to a RNAT device directly is also performed, therefore, for those 
reasons, the space of 10.10.2.64. subnet mask 255.255.255.192 is prepared, and the 
address is statically assigned to each PPP circuit and 1 to 1 correspondence. This time, 
the PPP circuit 2 or subsequent ones considers it as the PPP circuit established directly 
from a terminal, 10.10.2.65 is assigned to the PPP circuit 2, and, as for other applicable 
PPP circuits, one address is assigned statically. The space of the 10.10.2.0 subnet masks 
255.255.255.192 is statically assigned to the PPP circuits 1 established from AS2, and an 
address is dynamically assigned to the host using this PPP circuit from this space. The 
space 10.10.2.128 remaining subnet masks 255.255.255.128 are prepared in order to 
assign dynamically according to the demand from the PPP circuit 1 which uses an 
assigned part. 

[0036]Since the host 3 has connected using the PPP circuit 1 established by AS2, If it is 
attested like the host 1 of the closed network A, or the case of 2 that the used PPP 
circuit is the PPP circuit 1 of the closed network B, If search and it is [ whether there is 
any address which is not used for the space 10.10.2.0 subnet mask 255.255.255.192 
assigned statically, and ], arbitrary things will be assigned out of it. This time, 10.10.2.10 
is assigned to the host 3 in the server side network. Now, the host 4 is moving, does 
receipt to nearby AS4, and establishes a PPP circuit directly to a RNAT device using 
PPP tunneling. At the time of this establishment, it is attested that a PPP circuit is the 
PPP circuit 2 of the closed network B, and the address 10.10.2.65 with which one 
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address is statically assigned and the PPP circuit 2 is assigned in this example turns into 
the host's 4 address. The address of WWW Server is the same as the case of the closed 
network A. As for the port number which shows the service to be used, the port number 
8081 is assigned to the closed network B. 

[0037]At the time of the communication to WWW Server (port number 80) from a actual 
host. The sauce and the destination address which a packet has in a RNAT device by the 
conversion table etc. which are shown in drawing 14 like the hosts' 1 and 2 case are 
changed respectively, and it is further changed into No. 8081 specified to the closed 
network B from 80 about a port number. Conversely, the packet from WWW Server to a 
host also changes the address and port number of both sauce and a destination which a 
packet has like the above-mentioned. When two or more PPP circuits exist from which is 
the closed network to which a host belongs with the destination address of a packet, and 
its closed network at the time of this conversion, it can be judged to which PPP circuit it 
sends out. The port number connected to a server based on this information is also 
changed. And it is sent out after an address and a port number changing in a suitable 
PPP circuit. For example, in the case of the packet to the host 3, since 10.10.2.10 is 
given as a destination address, it is identified that it is a packet which this should just 
send out to the PPP circuit 1 of the closed network B, and it is sent out. 
[0038]In the host 5 of the closed network 1, it operates similarly, an address is assigned 
to the host 5 by the quota plan of the address space which the closed network 1 
determined, a table as shown in drawing 1 3 is made, and address translation is performed 
about the host 5 using this. If it is the port number 8088 of the server utilization time 
decided for the closed networks 1 , conversion will be performed also about a port 
number. It is sent to the suitable PPP circuit of a suitable closed network by the same 
structure as the above-mentioned also to the packet from the server side network to a 
host. 

[0039]the address being guaranteed in the meaning that a closed network is shown, since 
an address is assigned in the network by the side of a server here as a result of having 
attested the closed network which belongs, and restricting based on this address — 
restriction in a closed network unit — a line — it is equivalent to things. That is, WWW 



Server with the address 10.100.10.1, By permitting only the connection from each 
address space of the 10.10.1.0 subnet masks 255.255.255.0, the 10.10.2.0 subnet masks 
255.255.255.0, and the 10.10.11.0 subnet masks 255.255.255.0. Restriction can perform 
easily use from addresses other than this, i.e., other closed networks. Thereby, 
communication between the limited closed networks can be performed, maintaining 
closed Not only the access restriction to the data using an address but the port 

number used per closed network like this time is decided, The program which answers 
the port number unit at it is operated, and service physically customized for [ by one set 
of a server ] two or more closed networks can be realized by setting up the data which 
can be referred to, the data which can be referred to and changed, etc. 
[0040]Even if data is on the same server by distinguishing respectively the data which 
the program which is operating to the port numbers 8080 and 8081 currently assigned to 
the closed networks A and B in this case can access, and can be operated, as for the 
closed network A, the data which he registered can perform reference and change, but. It 
can prevent changing also from, of course seeing the data which the closed network B 
registered. On the contrary, the program which is operating to the port number 8088 
assigned to the closed network 1, If the program which is operating with the previous 
port numbers 8080 and 8081 enables it to access both data which can be accessed and 
operated, respectively, the host of the closed network 1 can refer to the data which both 
the closed network A and B manage independently. The technical problem that the 
company 1 of the order Lord demanded in the procurement service made into this 
example by this can see freely the data of both the company A which is the orderer, and 
B is cleared. This may restrict with a port number like this time, and may restrict using 
the address space assigned per closed network. Communication between different 
closed networks through the network by the side of a server can be prevented by 
forbidding the communication in a different address space, and closed **** which a 
closed network has can be maintained. Since the address of the server of a connection 
destination is also manageable by the server side, if two or more servers are prepared, 
the load sharing of a server will also become possible by changing an address according 
to the load of a server. 



[0041]Next, the time of communication with the closed network A and the server side 
network is described for the motion by the DNS (Domain Name System) server which 
carries out work important at the time of communication by an IP network as an example. 
In drawing 12 , the case where the host who belongs to a user's closed network first 
connects with the host of the network by the side of a server is described. In order that 
the host 1 belonging to the closed network A may connect with the WWW server of the 
server side network, the address of a WWW server to connect to DNS server 2 on the 
closed network A is asked. Since the address is assigned to the WWW server in the 
address space of the closed network A, DNS server 2 returns the address 10.1.1.1 
assigned to the server applicable with the closed network A to the host 1. And the host 
1 sends out the address 10.0.1.13 in which he has a source address, the address 10.1.1.1 
in which a server has a destination address, and the packet made into the port number 80 
of a destination. And by setting up routing correctly reach AS1 in the packet addressed 
to 1 0.1 .1 .1 in the network of the closed network A, this packet reaches AS1 , if necessary, 
will establish a PPP circuit and will be carried to the device with a RNAT function of the 
server side network. Based on the conversion table in which self has a destination 
address of a packet, the device with a RNAT function which received this packet is 
changed into 10.100.10.1 from 10.1.1.1. Next, 10.0.1.13 of a source address is searched in 
a conversion table. The address will be used, if an applicable address exists as a result of 
searching, In the case of this example, it changes into 10.10.1.15, and is further changed 
into the port number 8080 to which the port number 80 of the destination was assigned 
for closed network A, and the packet is carried to an applicable server. When there is no 
applicable address, in the server side network, it is assigned by the above-mentioned 
method, and communication is performed like the usual case below. 
[0042]When the address of the server to connect to DNS server 2 temporarily is not 
registered, DNS server 2 asks DNS server 1 which is a DNS server of the server side 
network the address of a server. This inquiry packet is sent to the RNAT device of the 
server side network via AS1 by routing. The received RNAT device changes both the 
sauce of a packet, and a destination address based on a conversion table. And when an 
applicable packet is an address inquiry packet of DNS, change is not added to the data of 
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a packet but it sends to DNS server 1 . DNS server 1 returns the address of the server of 
the specified connection destination as a response. In this case, the address 10.100.10.1 
of a server is embedded as data. This response packet is sent to a RNAT device by 
routing of the server side network. It identifies that what is necessary is just to send out 
the received RNAT device to the PPP circuit 1 by which the packet is coming from AS1 
of the closed network A from the destination address 10.10.1.62 (address statically 
assigned to DNS server 1 of the closed network A in the server side network), Sauce and 
a destination address are correctly changed by conversion about the closed network A. 
When this packet is a response packet of DNS and it is what returns a host's address, It 
is changed into 10.1.1.1. which is an address of the server to which the address 
10.100.10.1 of the server embedded as data was assigned in the closed network A, and 
this packet is sent to DNS server 2. DNS server 2 which received this answers to the 
host 1 as an address of a server to connect 10.1.1.1 to, and the host 1 communicates by 
sending out a packet like the usual connection. 

[0043]Conversely, the case where the WWW server on the server side network connects 
with the host 1 of a closed network is described. First, the server of the server side 
network asks DNS server 1 the host's 1 address. Since DNS server 1 does not know the 
host's 1 address, the host 1 recognizes that he is a host who belongs to the closed 
network A first from the domain name etc. which are contained in the host's 1 name. And 
the packet of an address inquiry is sent out by making into a destination address the 
address (in the case of this 10.10.1.62) assigned in the server side network to DNS 
server 2 which is a DNS server of the closed network A. In the network by the side of a 
server, routing of this packet is carried out to a RNAT device. The RNAT device which 
received the packet discriminates that it is a packet to turn PPP circuit 1 of the closed 
network A from a destination address, and changes it by the conversion table in which 
self has both sauce and a destination address to the address space of the closed 
network A. And it is sent out to DNS server 2 of the closed network A. 
[0044]DNS server 2 which received this packet is sent to DNS server 1 of the server 
side network by making the address 10.0.1.13 in the host's 1 closed network A asked into 
a response. The RNAT device of the server side network receives this packet, and it 
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changes sauce and a destination address from a conversion table respectively first. And 
since this packet is an answer of a host's address inquiry, a host's address part currently 
embedded to data is changed into the address of the server side network. If there is data 
which searches the conversion table which a RNAT device has at this time, and 
corresponds, it will change into an address corresponding from a conversion table, and 
will send to DNS server 1. When there is no applicable data, the address of the host 1 
who is a response from DNS server 2 is changed into the address which assigned and 
assigned the address dynamically from the address space assigned to the PPP circuits 1 
of the closed network A by the above-mentioned method to the host 1, and it sends to 
DNS server 1. This time, the address 10.10.1.15 will be assigned and changed. At this 
time, the address information about the host 1 applicable to the conversion table which 
a RNAT device has is added. Thus, the address of the host who is a response of a DNS 
server is changed, and is notified to the server which is carrying out the connection 
request to the host of the closed network with which a translated address corresponds. 
And by making the notified address into a destination address, a server tries connection 
with the host belonging to a closed network, the connection with a host from the server 
side is established by the address conversion function by RNAT, and communication is 
started. 

[0045]Use becomes do not need to add change to the existing DNS server and possible 
[ cooperation with a DNS server is possible by doing in this way, and ], introduction in the 
IP network used for many communications is easy, and establishment of the connection 
from both directions of the host of a server and a closed network can be realized. If the 
notice of an address is restricted using a DNS server, fine control, such as limiting the 
host of the closed network which can perform connection from a server, can also be 
performed, and maintenance of closed **** by the plan of a closed network can be 
performed. 

[0046]As mentioned above, in the network by the side of a server, prepare an address 
space for every closed network, and further, Since each portion which determines the 
port number which can be used to a server for every closed network and to which the 
received packet to /Send out corresponds is changed, realization of every distribute 
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information from the server side to a terminal, closed network, or the service customized 
for every area is attained. Construction of the virtual private server which can perform 
offer of service by one set of a server to two or more closed networks holding closed 
**** which a closed network has since the address was furthermore assigned per closed 
network is enabled. Reuse of the address once assigned dynamically by carrying out the 
quota term of validity of the address assigned dynamically to to a certain fixed time / 
existing end of an event is possible, and it is also possible to secure scalability and 
security. 

The case where the company 1 supplies to the companies A and B is made into an 
example, and is described. [ as well as the case of the example of the 1 st invention of an 
example of the 2nd invention ] It seems that network composition is shown in drawing 1 5 . 
That is, the closed networks A and B and 1 are connected with the Internet by access 
server AS1, AS2, and AS3, respectively, and the server side network is connected with 
the Internet by the access server with a VNAT function. The closed network N shows the 
closed network which the company N has. In a device with a VNAT function, a VLAN tag 
is assigned per PPP circuit of each closed network based on drawing 1 6 . When the host 
1 uses the server on the server side network, PPP connection will be established if there 
is no PPP connection between AS1 and AS with a VNAT function (henceforth, VNAT 
device). In the attestation at the time of this PPP connection establishment, it is 
attested that this PPP circuit is the PPP circuit 1 of the closed network A. VLAN1 is 
assigned as a VNAT tag in which the closed network A is shown, in order to show the 
PPP circuit 1 until now, a child number is used and a VLAN tag called VNAT1-1 is 
assigned to this PPP circuit 1. Thereby, it is discriminable that it is the PPP circuit 1 of 
the closed network A. When the PPP circuit 2 is established, a child number is made to 
correspond to a PPP circuit like VLAN1-2. what is necessary is just to be able to identify 
which PPP circuit of which closed network described here as the amount of information 
using the existing things, such as what defined by IEEE802.10 etc., the form of a VLAN 
tag is in order to use the existing VLAN art 

[0047]About the packet which comes to the network by the side of a server through this 
PPP circuit with a VNAT function, as shown in drawing 9 , a VLAN tag is embedded, and 
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it is delivered based on this tag to a server. And in a server, it processes by operating 
separately the program which performs various processings for every VLAN tag, for 
example, OS. In this server, a suitable VLAN tag can be attached and sent out towards a 
host at the time of sending out of a packet by associating the information of the host 
linked to a VLAN tag. Thereby, without needing, conversion of the address in the server 
side network can use a server as if it existed in the self-closed network. Since the OS is 
operating for every VLAN tag, it can change now flexibly per closed network, the data 
referred to and registered can also use a VLAN tag as a key, and the operation can apply 
restriction. When sent out from the server side network to a closed network, the VLAN 
tag currently attached to the received packet is removed, a closed network suitable as 
the address for delivery of a packet and a suitable PPP circuit are discriminated from a 
VLAN tag, and it sends out to a right PPP circuit. 

[0048]Since the PPP circuit 2 is used when the host 2 connects with the network by the 
side of a server, a VLAN tag will be assigned to the packet from this host 2 to the server 
side network like the above-mentioned method, and VLAN1-2 will be used. It operates 
like the host's 1 case using this tag. Although the VLAN tags embedded at each packet 
differ, since it opts for operation based on VLAN1 which shows the closed network A, 
even if the server differs in the PPP circuit to be used, it can refer to it for it and change 
the same data. On the contrary, as for the packet from a server to the hosts 1 and 2, it 
is identified with a VLAN tag that it is a thing to the closed network A, further, based on 
the child number of a VLAN tag, the packet to the host 1 can be distributed to the PPP 
circuit 1 , and the packet to the host 2 can be appropriately distributed to the PPP circuit 
2. 

[0049]Since the hosts 3 and 4 have connected with the server side network via the AS2 
[ same ] and use both the PPP circuits 1, the VLAN tag to be used is the same, using 
VLAN2-1 , is built into a packet in a VNAT device, and is sent to a server. The packet 
from a server to a host is also sent to a host through a suitable PPP circuit like the 
above-mentioned host 1. 

[0050]VLAN3-1 which is a VLAN tag which the closed network with which it belongs 
similarly at the time of PPP connection establishment in the host 5 shows VLAN3 which 
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is a VLAN tag in which it is attested that it is the closed network 1 and this is the PPP 
circuit 1, and the closed network 1 is shown based on it, and the PPP circuit 1 is 
assigned. And it sets between servers with a host correctly by the same operation as 
other hosts, and is carried out. A VLAN tag from OS which carries out processing about 
VLAN3. The user of the company 1 can see the data which the companies A and B 
registered by enabling it to refer to the data in which a VLAN tag can refer to only 
VLAN1 and VLAN2, and communication between closed networks with the restriction 
which is needed for the procurement service used as this example is realized. 
[0051]Next, although it is the motion by the DNS (Domain Name System) server which 
carries out a motion important at the time of communication by an IP network, In the 2nd 
invention, surely a server is on the network by the side of a server, but. Since 
communication within a closed network is virtually realized by use of the VLAN function, 
The same use as the usual case is possible for a DNS server, and use becomes possible 
only by setting up so that routing may be carried out correctly to the VNAT device which 
has surely the packet addressed to an address assigned to the server in the network by 
the side of a server in a closed network, and AS which can carry out PPP connection. 
[0052]Thus, the address of a server is made into a destination address, The packet is 
carried to the server side network, Offer of service by the virtual private server which 
can operate as if it makes a change the minimum and users 7 network had a server 
respectively to two or more closed networks by the server of one basis of control by the 
side of a server is attained. 

[0053]The example over modification of the 2nd invention is shown below. The closed 
network which belongs at the time of PPP circuit establishment is attested, and the 
address of the host who is the sending-out origin of the packet thought to be a PPP 
circuit is matched per closed network. In this case, a VNAT device will have a table as 
shown in drawing 17 . A VLAN tag, VLAN1, VLAN2, and — are beforehand assigned to 
each closed network A and B — . 

[0054]If the host 1 tries connection to the server side network, the PPP circuit 1 will be 
established between AS1 and a VNAT device, and it will be attested that it is the closed 
network A. And VLAN1 of a VLAN tag is assigned to this PPP circuit 1 by this 
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authentication result. And when the packet from the host 1 reaches a VNAT device, with 
a VNAT device, the host's 1 address 10.0.1.13 embedded at the packet and the PPP 
circuit 1 to which the packet has been carried are matched. And the VLAN tag assigned 
by the authentication result is embedded and it is sent to a server. On the contrary, if a 
packet arrives from a server, the thing about VLAN1 will be chosen from the conversion 
table of drawing 17 by VLAN1 of the embedded VLAN tag, It searches by using as a key 
the address 10.0.1.13 of the host 1 who is a destination address of a packet, and from a 
conversion table, it recognizes that what is necessary is just to send out this packet to 
the PPP circuit 1 established between the closed networks A, a VLAN tag is removed, 
and it sends out to the PPP circuit 1. Thus, even when two or more PPP circuits are 
established from the same closed network, a packet can be correctly sent out to the 
PPP circuit which received the packet. 

[0055]Since it is a host belonging to the closed network A in the case of the host 2, 
VLAN1 is assigned like the host 1. However, since the used PPP circuit differs from the 
host 1, the host's 2 address 10.0.3.20 is matched with the PPP circuit 2. Although VLAN1 
is embedded like the host 1 by this at a packet, as for the packet from a server, the 
packet addressed to host 2 is appropriately sent by this conversion table using the PPP 
circuit 2. Also in the hosts 3, 4, and 5, a VLAN tag is assigned by the same method, a 
host's address and PPP circuit are assigned, and it is independently managed per VLAN 
tag. Thereby, a packet can be sent out to the suitable PPP circuit of a suitable closed 
network. 

[0056]Next, with reference to drawing 18 , the R-NAT device in drawing 1 , i.e., the outline 
functional constitution of an access server with a route side NAT function, is explained. 
Two or more PPP line processing parts 1 1 are formed, and the authentication section 12 
is attached to the PPP line processing part 11. That attestation which is which PPP 
circuit of which closed network is checked by the authentication section 12 in the case 
of PPP circuit establishment, An open address is assigned to the host of a packet who 
arrived using the PPP circuit with reference to the address quota table 13 shown in 
drawing 2 B among [ assigned ] the server side networks, The conversion table 
(conversion table) 14 of the PPP circuit of each of that closed network, the address by 
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the side of a closed network, and the address of the assigned server side network is 
made. If a packet comes to the PPP line processing part 1 1 from a terminal and the PPP 
circuit will be established, with reference to the conversion table 14 applicable to the 
closed network and PPP circuit, to the address of the packet, address translation will be 
performed by the address conversion section 15, and it will be sent to the server side 
network. The packet from the server side network is changed into the address given by 
the closed network side with reference to the conversion table 14 with the address, and 
it gets to know which PPP circuit of which closed network it is, and it is sent out to a 
PPP circuit from the corresponding PPP line processing part 11. 

[0057]In this R-NAT device, the processing to a packet comes to be shown in drawing 1 9 
from a closed network. First, in advance of arrival of the first packet, it is investigated by 
the PPP line processing part 11 whether a PPP line connection request occurs (S1), if it 
is a connection request, it will attest the demand from which PPP circuit of which closed 
network it is (S2), and a PPP circuit will be established (S3). 

[0058]If the conversion table 14 is searched by that closed network and source address 
(S5) and there is nothing corresponding when waiting (S4) and a packet come, the packet 
from the host who used that PPP circuit in this state, To the address of the packet, the 
address of the server side network is assigned with reference to the address quota table 
13, and these relations are written in the conversion table 14 (S6). The conversion table 
14 is searched with the address about an arrival packet, address translation is carried 
out by the address conversion section 15, and it sends to the server side network (S7). 
Since the PPP circuit is established, when it is in the packet waiting state of step S4 and 
an address is found by search of the conversion table 14, the packet which comes after 
that performs address translation based on (S5) and the conversion table (conversion 
table) 14, and sends it out to the server side network (S7). When not found, the address 
quota conversion table 14 is created as mentioned above. 

[0059]Next, the outline functional constitution of the VNAT device (access server with a 
VNAT function) in drawing 8 is explained with reference to drawing 20 . Two or more PPP 
circuit establishment parts 11 and the authentication section 12 attached to this are 
formed like the case of drawing 18 , At the time of PPP circuit establishment, it is 
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recognized which PPP circuit of which closed network it is, and the VLAN tag which 
corresponded with the PPP circuit of the closed network on the VLAN tag table 21 as 
shown in drawing 9 is assigned to the PPP circuit. To the packet which came through the 
PPP circuit, by the packet converter 22, the VLAN tag assigned to the PPP circuit is 
added, and it is sent out in the server side network. 

[0060]The packet which came from the server side network searches the VLAN tag table 
21 with the packet converter 22 with the VLAN tag, and removes and sends out a VLAN 
tag to a corresponding PPP circuit. The processing to the packet from the closed 
network in this VNAT device comes to be shown in drawing 21 . First, a PPP line 
connection request occurs (S1), that attestation which is the demand from which PPP 
circuit of which closed network is performed in advance of arrival of the first packet (S2), 
and a PPP circuit is established (S3). 

[0061]Then, if a packet arrives at the established PPP circuit, the VLAN tag which 
searches the VLAN tag table 21 with (S4) and its PPP circuit of the closed network, and 
corresponds will be taken out (S5), this is embedded by the packet converter 22 at a 
packet, and it sends to the server side network (S6). When it explains with reference to 
drawing 12 and drawing 17 which do not use the number which distinguishes a PPP 
circuit as a VLAN tag, a VNAT device becomes that the VLAN tag table 21 in drawing 20 
indicates correspondence with a closed network and a VLAN tag to be, As a dashed line 
shows in drawing 20 , a PPP circuit is established, and if the VLAN tag to embed is 
decided, the conversion table 23 showing the relation between the VLAN tag as shown in 
drawing 12 or drawing 17 , its PPP circuit, and the address (sauce) of the closed network 
of the packet will be created. The packet from the server side network determines 
whether to send the packet which removed the VLAN tag to which PPP circuit of which 
closed network by the packet converter 22 with reference to the conversion table 23 
with the VLAN tag and its (destination) address. 

[0062]In the processing shown in drawing 21 . as a dashed line shows instead of Step S6, 
a VLAN tag will be embedded and sent out, and the conversion table of a VLAN tag, and 
the PPP circuit and address (sauce) which came will be created, and others are the same. 
Although this invention was applied to communication between two or more closed 
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networks in this invention is applicable also to communication with the multiple 

user side network and the server side network. 

[0063] 

[Effect of the Invention]In this invention, each closed network is connected to the 
network by the side of a server by PPP connection, and various control can carry out 
easily at the server side by the address space assigned per closed network by attesting 
the closed network and the PPP circuit itself which belong at the time of this PPP 
connection establishment. Thereby, to the user terminal of two or more closed networks, 
without losing closed offer of the common services customized to each closed 

network is physically enabled by one set of a server, and from each closed network, it 
can use so that a server may exist in a self-closed network respectively. The housing 
service which provides construction of the common server for two or more closed 
networks which are needed at the time of the project execution which needs the data 
exchange between two or more companies which will increase in number from now on and 
are expected to die, and operation of a procurement service, employment, etc. can be 
developed. By using this service, a user does not change the closed network of his 
company, Since the project which employment of the common server which is easily 
needed for a target for every project temporarily can be performed, and is undertaken by 
cooperating with two or more companies can be computerized smoothly, without losing 
closed The service realized by this invention can count upon the deployment as a 

new supplementary service of the VPN (Virtual Private Network) service which ISP 
(Internet Service Provider) is offering now. It uses that the connection establishment 
which maintains closed **** from the server side realized by this method to the host of 
a closed network is possible, The server which can use the various services provided for 
the server side network with two or more closed networks integrative is built, and 
deployment of individual-oriented portal site service is also attained. Thus, this invention 
can count upon the use as a means to build a closed network-oriented new information 
distribution plat form. 
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[Translation done.] 



* NOTICES * 

JPO and INPIT are not responsible for any 
damages caused by the use of this translation. 

1. This document has been translated by computer. So the translation may not reflect the 
original precisely. 

2. **** shows the word which can not be translated. 
3. In the drawings, any words are not translated. 



DESCRIPTION OF DRAWINGS 



[Brief Description of the Drawings] 

[Drawing 1] The figure showing the example of composition of the system which applied 
the 1 st invention. 

[Drawing 2] The figure and B which show the example of an address mapping table [ in / 
in A / R-NAT in drawing 1 ] are a figure to each closed network showing the example of 
quota of the address space of the server side network. 

[Drawing 3] The figure showing the situation of conversion of the packet about the host 1 . 
[Drawing 4] The figure showing the image of network address translation. 
[Drawing 5] The figure showing the utilization course of the network address space 
assigned to the closed network. 

[Drawing 6] The figure showing the situation of the address translation in a packet. 
[Drawing 7] The figure showing the relation of the feature of the 1st invention and 
conventional technology. 

[Drawing 8] The figure showing the example of composition of the system which applied 
the 2nd invention. 

[Drawing 9] The figure showing the example of quota of a VLAN tag. 
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[Drawing 10] The figure showing the operation to the packet of a VNAT function. 
[Drawing 1 1]T he figure showing the operation in the server using a VNAT tag. 
[Drawing 12] The figure showing the example of matching of the VLAN tag in the 2nd 
invention. 

[Drawing 13] The figure showing the system in the example of the 1st invention. 
[Drawing 14] The figure showing the example of address assignment with the R-NAT 
device in drawing 12 . 

[Drawing 15] The figure showing the system in the example of the 2nd invention. 
[Drawing 1 6]T he figure showing the example of quota of the VLAN tag in the VNAT 
device in drawing 15 . 

[Drawing 17] The figure showing correspondence of the VLAN tag and address in 
modification of the 2nd invention, and a PPP circuit. 

[Drawing 18] The figure showing the outline functional constitution of a R-NAT device. 
[Drawing 19j The flow chart showing a part of processing in a R-NAT device. 
[Drawing 20] The figure showing the outline functional constitution of a V-NAT device. 
[Drawing 21] The flow chart showing a part of processing in a V-NAT device. 
[Drawing 22] The figure showing the system of the conventional PPP tunneling 
connection. 

[Drawing 23] The figure showing the system of connection by the conventional NAT. 
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2.**** shows the word which can not be translated. 
3. In the drawings, any words are not translated. 
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PPPHMfifti:, **>P P PBHft^BfJIi-**— V 
F7-^S-SaEL, 

(Virtual LAN) £flJffl1-&B#KflJJB1-& V L AN *r 

10 msu i- ^ ami * , ±iBMti ztitzz-- *rn * v f 7 - ^ 

CO P P P @^J: *9 C07^^r y F lw#in t -C-9— ^-TfJ* y F 
7 -^^l), 

fr-?Z<r>n>r y FC07 F'l^^. t V L A N SrgfeSU-T *ffi $1 
t P ppBHIko»J&**EttLr*S, 

* 9 YV — iriPb n^'r y F co V LAN SrlRSO 
•T * tS^Jt W 7 KV^i*?? ±fB*tlD* * LtPPP 
UU.^i^.t>X, ^(D'-Vry F * J- - ^ffij ^ •> F7-?<0 
^■<OP P Pg||fttcjS«£. t *W8kt-f2>*y F 7-^Tfl 

20 8 ] «&coa--iffllJ* yh7-^tPPP 

(Point-to-Point Protocol) C J: U »**S*L*-9— 
H-y F 7-^ fcOW^KJti!»*t4r^-fe^-9— ^<»fl|-C 

ififfl* F7-^C0PPP Eitr i: &C#J 19 t> 
W;7 KV^SM*E1t1-*7 Kl^^^#J*)atf- 

gSLr<^»g*#tm-fl^7 F7-^<0fc*cDP 

p p b ** k m -t %> mm. z ?t o 3ms t , 

JLfeiSiiE § tLTto.— if fJJ *7h7-^<OPPP ElfetcW 
30 U ±fB7 F'l^^^P H 1#Jl9STT--7^t s t!l 1 9St:C3J 1 , 
TV^4 1 ocot YV*\Z, ±fBP P P Hilfti "9 ff)WJ 
h07Kl/X*tftLT-rC9^7 F *-9— 7 F 

7-^«47 KV^le^St. 

•9— F7-^^fjC0/N"^7 FC07 F*V^.*±I2 
SB* 7 FV*ffitt*«*#flSLTSe!feU ^o±K'r- 
#B?, L TSBf S jl- ■f % * y F 7 - ^ co P P P 

40 -f£7?-fe*-9— ^Sfo 

[11*^9 ] a- ifffl*? F 7-^ COP P Pl»"b 
<r»**rv F f©7 KV^ICJ: «9±IB^7 KV^IE 
'lt^S*#fi?.LT7 F*V^^LT-9---'^filJ^-x F7- 

^ * ¥® * m *- z. t & mm. t -r %> m *m 8 1 b«<o 

1 0 ] ±E7 F^^^^(±^^ 3T F <DT 
7,7-4 ^-V3 >7 ^^ffl^^ F 7-^co^ 

so m^tfl 1 1 ] ±SB7 KV^SE*^S»i, /<^r y F * 
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-*KB*TO#- K It x. * £ i: * 

•9-- ;«io 

[f*Sl2] ^CDJX-Hffjj^-^ h>7-^ t PP P 
(Point-to-Point Protocol) J; ^iii£;rL.S>-9— ^filj 

■a-^ffl* y h 7-?©P P P BUSS, t VLAN (Virtua 

i lan) imm-tzmzmm-tz vLAN&nsu-r a 
urn t §b # * en l * v l a n mmmm f-^vt, 

P P PglWSftC *OPPPII«iS»iroa-ffli* 

±§BfIIJE $ - tfffl * y i> 7 - ? <*> P P P miti £ 
tD-t Z> V L A N £ KM "7 * fit$R £ , ±.Ut~7)V* #M 
Lt*», ±faPPPEiSU IJO^f-5r-> HCfj-JinLT^ 

•9— ? h7-^± tyco/-?^ y ]- WVLAN 

— ^Hil*? h<7-^^PPPInlia^*^fcS-*#i- 

[ft*a 1 3 ] *Hfc©.i— 9*ffi ^7f7-nPPP 
(Point-to-Point Protocol) \Z X *)&ffiZ*l&y—s*M 
* y h 7-^ t(D?$Kmi bti&T s<mW.X 

i-fl^'^^-^tVLAN (Virtual LAN) * 

"mm •* & u# k* us -r & v l a n £ i&gui- * m « t o gg# 
p p p««w:srj3Ffc, wp p PHawciroi— 9*«i* 

±ESiE $ *L - -ffffilj **I&T & V L A N £ ft 

SUi-*«»«r±IE^-r^*#KlL.r*ft. ±IEP P P 

±M'**ry h©7KWi, ±|SV L AN£l£!Sij-F&-|« 
fSiiJilEP P PBaifcOWJBiEiflEltl-i^Ri, 
•9— ^ffl*? h^-i'J:')©^? V LAN 

BttJS* * Lt»tJ^-fI^7hy-^OP 

p p issMi ^fgi^ *«r ix^m - /^«o 

[0 0 0 1] 

|t0tfcD**^-^co*;*.7M Vf* 0goL--9Mffl 

m*}-- tr* & tv^y^j -7 ? ^•9— tr ^ * ztib<DSL—if 

1^7 h7-^ (WUH) ±©-9— '*<DW-offimm%- 
^?7^XU 9*ffi*f h7-^0--Xlc 
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* If S^aa^T? tr-f - O** ^ H1" 4 o 
[0 0 0 2] 

ATM, FR (7WA'JV-) SrffiV»fcfclJ, IP 
(-Y v h-/n h rr;w) > y*'J >?imMLX 

10 floTV^ 0 £ fc, #^"7 > & if^tBrfc*" k £ ft t> CD 
HJttmwfiflfrf ajf-frfctt, PPP (Point-to-Point P 
rotocol) ^-f-CDiSSft -?-$>.!> L 2 T P (Layer2 tunneling 

Protocol) zm^r^Za mmmfflommrf&femm 

!feif^N-^9 v^=fc-9--tfxS-. #MJ*»i±«0-9— >*<r> 
fti" * -9- - ib**- ^ * %> tt(± 3 ^ b 

h-9--^t«D#^*#x.So 

[0 0 0 3] 5WE> dfc*4ifOBB**IO«ljlElw*v»T 
l±, *v V V - ? <D%M%&RK £ 2> I P7 KV^co/F 
JEcOfc^lc, n-^;i,7FV^^ffiv^^ -O^-?- 

V X L t * fr 7 -JSifkim. hfiX^Z, a 

tciilWI— COT KV^. ftS t (iPI^^V^cOT^ # 

**?F*3eT?*4*^ #Wlw7 £ t 

co-C, % y h7-^ii*:n-A^7 K^*»»i: 
##i-4^/6*#v^ l ^co^-^-ei© J: d 

KmmZtiX^ZfflMMKttLXW- tf^4lttS-#x. 

( 1 ) ■9— /tn* > <7-? *j<hLfc^jE*» 
40 »4t*Kjh, (2) Sfi»Lrv»4Hi*«ilBH:*»t4TK 

ux&m<om&. (3) ^-/<*»'fe»»»5it*-s-»feiRF 

[0 0 0 4] £co-9--/N*<oaSillC{± % @Eff^cOL2T 
P (Layer2 tunneling Protocol) ic-ftft$tt4 P P P h 
>^>9 >^*S#, NAT (Network Address Trans lato 

r) izftmz tihTYv* &mm<o 2 mmn^m 
«ft,i,tv»ii 0 t-f, p p p f >ymRK£ 

50 m^vmrn^nrnz* *) . ^tzt^^(ommmiz^L 
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2 2 \Z7Ts-T i o K. MttM A. B if 4 Y 

/n* (AS) £aC. PPP h>*V>?*mML 

x^-/m*y Yv-f <ommr t&mL 
xy—^tmtmmtztix^&o p 

£ J: -5 E-^-S - t § -5 o £. *UC 1 9 . F^««cO# 
( 1 ) Wtt5«-Ct±^g*lcn-*;vr K V* * S ft K#J 19 

[0 0 0 5] (2) t-;^/Tt7KVX^*Siif 

(3) Jisk^feoafmis:!*^- ^fli*e>T kvoi* 

(4) t-^fl«)*7>7-^*^LT, Httffl*$£ 

19, •r-<T(7)if®w»*^t : -i:'fcv^ 0 

[0 0 0 6] Sfc, BB*«I^SfiRUrv»4n-*>i/T K 

TV^1^^#V> 0 iOBfNAT (^7 h7-^7KV 
Kflffc ± >9 , 11 2 3 \Z7f--f X -5 IcM^Rcoa 

U r«0NATt±iiifi<J^n-*;l/7 Kl'At^n-Ajl/ 
«9**l- (»*) W©S«©»g||*fT5fc»K> (D 



6 

SjR*««J Vr L tz$k.<D n - * ;u 7 F V* £ #W K#J 19 S T 
sg * ^ CO ^* u - / •? ;l/ 7 K U * * Jf o -9- - ^ffl lj #> 69 'If 

L) 69^-Vf^.t±/FnT^ (2) t-n*##|tt«ri 
©BSE (IftSU) £ irt*-e§£Wc*!>, #F9fSS* 

EH, (3) NATWli^n-A>^7 Kl/^W 

m&&*) , •9— s*mmizint2>-r'<x<Dfflm<Dm&:i!J s x 

[0 0 0 7] f/c, NATfifc«fiflt»i»*&3^-eagi- 

TXr-i v a >7 V\'A<D'8U5<D$S.&*ftz.&C i 
scottCUNATWiib PPPta^LTtN 
ATfcisv»TW\ t-^t©Mi:P P PS«*«lt^ 
■9--/^ J: 19^19 Hi ^^^r^D-y^H P7 Kl^Sfflv* 

20 ^n-zsw I P ^.-y b 7-^ tOIf i:^v>TNATl8 

tis-tfo i<of*So i)?»a$*i.fcp p Piaiams 

©NAT ojm i:*oTV^ 0 i <75&#i IJffl L TSi® 

mX-fZt, P P Pia^lCNAT«rfi : x.-2><Of 
#&-r5FIJJS-t£-9--fcr*&#** T^XLfc 19. fljffll" 

mm***>*>o 

[0 0 0 8] 

30 [»W*»»ftLi -5 ti" -S^H] (1) ^f^7VM: 
P P J: D SE* * *t 4 O t» P P P h > * 'J > ^K* 

isfiiffli-iW-ft-traaiK, n-**7 Ki^^-et^?^ 
t?7 4 7y}-Ktmi-z>mii.m<D*x YfrbwmLtz 

[0 0 0 9] (2) PPPf«?|l«Fi:^l) t*Z*ltzT 
KWCMLTNAT^^^ -€-«07 KVXlc^t 

PBia£?S2:L. PPPt<t*)lX*) ^:^6 *b 7 FV^ 
so [0010] (3) t-^St7F^i:MLt$JI 
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tr h'isxkm-K%2> tiELimm&ft *.ftv> 0 <eo 

•t * <9 > #B9i*«Sr t*<75 J: d ft n - # ;v 7 K V 

* * at * « fc » ft ¥ t n m ** sfl»* & o 
[ooii] t o fciimtf 1 * 4 v», c i s 

c ottOHSL^NATSIflt RFC163 1tgi 

-.XT KV^tf^f-* *-v a >T KV-XO&^Kft- 

JISS:IV>T7 KV^SE*A«^ri6-C*»), 7/'J^— > 
3 #tcDNS (Domain Name System) t 

T <7)^«: 4 ttttOTHft-C & 4 c ft K J: »J , 

^*<73 N A T&ffi-eitm Lfrv tz ifu-^frT K * 

a, ^as©*? > 7-* ^a^u-r^r Kv^.*wpi-r& 
ftt^i ^m&m<DW'=>mw&E*Qk-oz.k *>x%z> 0 z. 

fc, (1) t-;Wvh7-?6n-*^TKl'^-C 

h±W9— /\*ftfcW&ffl©41-«9*X h tl 
H1--£/t£>^#l73?>* ? f y-^T'NAT^^f do i© 
8*, fHttfcimtSHtfcfT^ CttNATCfllti^n- 

t l«-l*t*BKLftv»|RlJ»i«feO*^ F^tl 
ft v»fcJ6a«**T lfi:ftir*4. £ ©»<6"9— Mfli 

[0 0 12] k^-otzF^Wtf&Vlr^XiMikX^* 

[0 0 13] 

[KJB * Mik-t 4 tz a ©#«] mi&w 
m i §&w> m 2 §tm tis ^x i> j. - *r ©f w t -c v» * % 

15:<75 - nf flij 7, 7 f7-^ (m^v a. - -if ffl ^.^7- 
?*Mi$fflt LXmW1rZ>) t*V—'*HO*? YV-i? 
HP P P (Point-to-Point Protocol) Ci SiStff 
do i©PP PSMitJABfOlgfiEH^v^T®*©^-^ 
©KiEHiDx.. P P PftllfcfToTifcifcttTG^irwfil! 
3*$H© fOPPP UM^^ISSE&fr 9 . ■* l SRC ± *t 
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JHOiTOP P PHiR**jjr*-fflF«*£P P PHttC#J& 
BMLCtt *) m Xh *.1Z J fr-/<%*'9 h 7-?<7>7 Kl"X 

t , #skies c t f> ntzmm 1-4 -9— 

^Ot- e^HJCSC7t^- h#-§-£Jlv>T, P ppis 
^lLTt-/N'1^7 f7-^tCAoT< 4/tf*£>ffiT 
v>< M:JtLtv-^tf^fU-y3 >©M 

10 [0014] Z.(7>mi 1 %WX\*, *)r->m*v \-V-ir 

K&^x&ffl®mm±K7 K^$«*«ic«9a 

V^SFflfi, ^OMUiOiDati. ifPPPI 
Agffllt, h^3it I Wl9aT*ii:tc1-^,o » 

M|tffiTPPPia«ic«i!)sr*o *u, 

20 -M»LTLS -otzV P Pi^CMLT, PPPCOLCP 
(K^7'n hn;v) ft f Srfflv»r»WK P P P Htt£tl 

#?T#*o *fc> I6WlCPPPIl^*t!l'9^T7 , i*-&. 

for Ki^^sra*-?-©fflJtfflok*oP P PI»:«i) 

<offi3i^<Ds*4ry y ^a^oftp p p mmzm*) m-t z. t 

30 tfT # h o 

[0 0 15] iOi?KBa«#Uittt-C««?a-C*«-*» 
ft*»«l3£ Ltv>5<?)T\ S1LT<* ®mm<0 7F1/7 

ttz, 7Kl/X©^lit-/?fl-efft) 
tSt-/n:7 K^^*#^1-*it^nrt6-t?"li ; »9, * 

40 ttfx&Zo £1T. :©7Kv^»it : S:, ;v-h-9- 
■f FNAT (£1T, Root-side NATi KliRNA 
T) tDfiSo 
«2^l§ 

*i»9!tra#fcPPPaMt«S:i*K-t©H«ioJli1-* 
r^Hitffl^t'tL^coKJE*^ do -f-LT, PPP 

mmmztt<Dmm<Dffi®.m<Dum*i&Tm^ pppe 

iaH^tL75 s i:'OS3*«co if o P P P EHft*»*»SllT § 4 
CtMVLAN (Virtual LAN) Srfljffl-t 4B# KfU 
ffli-4VLAN*»S0-t-***i:**fJEBfi-tt4o *L 
50 -c, iOVLAN*ffc»li-*flt4flt4i:^-f y^V^ 
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P P P UMLJ: "9 CD/-?^ * h *»■£<, * UT, 1 &<D^- 

a k & v > r & v l a n & aso 1- s it k #atos * 
fx "9 o s *»^$*«ra<o-9— /<*nai-*o 

[0 0 16] ££. PPPEi»KH*iBI*lfcStli-*^+ 
* 4 V L A N * «W * flWH * »iS# «■ * tt » ^ 

VLAN^lglJt*lff*fiKff?o £*U- 
i 19, a.— ifco*-;/ b 7 -^K^jEfciD 
V L A N * mSlJ-T * fll « £ f ijffl L fc ^ - ; «* * v b *J ~ 

2*t*:P P P EliSU^fc < k *> H«M«'IKB0-CS * V L 
A N * 9 IS T * JtttflT, V N A T 

[0 0 17] 

A, B, C*M h/^«t-€-tt-rtLT^-b 
^.-9— ^ASSr^-LTg^Sft. > * - * ? b 
iffli-v— -^H* V F7-^, £ £ Root-si d 
e NAT*i6#lT^*^t-^R-NAT*^Lr« 

KttLXM 2 A \Z7fi-f i 9 K T K t-X^ffi V)MXhflX 
n&o o£ v W^*HA05#or KWSBi:iv>r, * 
^. b 1 lz\*7 KV^l, b 2 tear Kl'* 2 . 
b 3 ^(±T PI'* 3, flJJ31-& Server KtiT Fl/^ 1 0 
0 a s #Jv STlbtLTV^ i:i--5 0 Server ti^-^#JC0* 
-7 b 7-^lCj3^tLTV^*^ b CD— o-e* v . i<DSe 
rverti^-MfliCD* -7 b 7-^ Ki3V*T. T b* \s7- 1 * s 
4x^tv>S. ^-~^m<D^y b — 9 \z& 

v^-n±m2 BlZTjii-Xi tcRSttfflA, BlzHLXZfiJ? 

fim^<oT y\/x&ffl&m±ztix^2>o M&MAfrb 
mmLx < i>m^mK7 k^si 01-300 *mm. 

LX£t), ^(D^ib, *XMi*^h 3C0flJfflLTV> 

&p p pnnfii *t>iitt < zmMmizr vv^m i 

01-200*. *Xf2 mm LTV.* P P P g|jR 2 
^f>iSLt< 4SB5lUHfcT KV^»2 0 1- 2 5 0 * 
■Zrti^iim'OiMXX^&o ^-U, S I )07K^S2 
5 1 -3 0 0(2. tira<0«|iJ^TSr'ttV^o/;»^lc, 
P P P Bilftl , 2 K*tL"C»tt'Kd&S!CJSCTt(9a , r 
So mi&'ffl&<DW^>T VUXgffiKte^Xs *X b 4 (C 
(±7 Kl/^ 11, *7.h5 Ki±7 PI'* 2 2 . MMirh 
Server K t±T Kl/^ 1 5 0 ri*&*#J »} MX btlX^&o 

z biz, y—sm<D*v yy-tiz&^xitmmfflBfr 

t.®ILT{*S*IC7F^i3 0 1 - 3 5 0 
±LX&*), -?-co? 7 0 1 -3 1 0 i X 

tiMWtlHBOJHsleAnaSBt^l-* P P P 
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*)MXbtlX^& 0 tfc> 3 1 1 - 3 5 Of T-l±P P P 

m%ki i,z<%y)mrbixx£ cop p P0^*fijfflL. 
ts c c<oi^:> *r-sm<D*v y y-fx&mmm 

pppiasifcWB-*-*** »«* 

[0 0 18] #H^l"^^tL^r^-fe^-9--M 
10 A S k Root-side N A TCO*iig&t#ogE«R - N A T k 
<0HH4PPPtt»*n.TV»4 o HttffJOtfftUi, 

icop p p®m*mmLxv-;*zmm-r&fr-. ppp 
h y?*mm Lxw&*y-^m\z&-frfLtzRoot-& 

ide NAT««6ft§«« (R-NAT) tPPPgi* 

[0019] fit, *f-j*m<D%-v y r 7-^±«5%a 

^C^ltffllci3V^TflJfflpTfgK-t-5>cO#\ iORoot-side 
20 NATt*J„ iCORoot-side N A T /*%X- %rffl 

RU H««fcOPPP»llalAl*Ki(filE*Sf*L-CV» 
* as* 3i*iE L v-» f ^ k ^ 7 * ^. h H5 f 4 <0 ^ 
IE«tt-C4 < , SSLt < *«*>5 s t-~c0MJ«M^ if OP 
P PH^^JR-tS^eo^iiES-^fdo ico^**S^. * 

e>^c*-?-coK«*Bop p pm$uzmMztifc7 yu* 
w<o bmmzmtft \z r y isx&m •? « & *lt * # 

^litit^t©*, ^-^T^^ti, pppbm 

30 *syi9ffi^o 

[oo2o] mncjov^x, h nqnnuift 
p#, ppp@**»4/*«tS:Lrv»ftv»»^, fU^LTv^ 

5AS (T^-tX-^--^-) ^f>P P P 0*Sco«6a:^i± t 
4 0 , icoB#, icoP P PEIA^Mi^fflA^^iOP P P 
111 T-**i k<DWMZft do *tt, rco^i*«A 
COP P Y"®k%\m\z~?-)\>ZtitzT K^SH*t7K 

P P P0«ll ICii, 1I'2 BK^-f J: 9 tcr KV^^H 1 
0 1- 2 0 0i t H^>ilT£^ iOSIW*»f>ftftU-§- 
40 x-5C0-C\ h 1 5PJffl$tLTV»4V»T YV* 1 

0 1 h7-^tc^v^T#Ji9aT-l> 0 of 

•9. RNATCi "JBMMBAOPP P Hi» 1 J: v C0/^ 
•> M:o^rWIAt4x.f>ittv^7Kl/7 1 >6 S 7 
Kl/7 l 0 1 CEi?Wi tic4^, 0 i<0M#^H2 
Air^i-.td K&k LTK'lt$^4 0 ^co^. MMtMA 

cop p phi ^ilt*^ > i ii^h^'rv y±m%-f 

St. -f-cor Kl/X 1 lei "9 0 2 A©tl;#ISLtt- 
f9-^C0T Fl/X 1 0 1 KgE&SftSo IWlflS 
IC. b 3 ^^>co/^ 7 b PPP M%H 

50 i i^iv^ Zkxm— ?>7 Kl^^^H^^lbfi<Jlc*^ 
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b 3 flJffl$ttTV^v^T VUX 1 0 2#|Rl*)iST?> 
*U RNATtCi: *9 b 3 <7)3$o 7 i s T K V 

* 1 0 2 fcS5jfe$*L4 0 \ 2***wtfcJjaM-4» 
JgU^PPPEia-e*&PPPIfflj»2S:3RlfflLTV>& 
<7>T% P P PEI«2fflKffl«S*LfcT KV*a»IB2 0 1 
- 2 5 0*fe« »)3T4£4:K:fc!!U 5fl|JBS*LTV*ftn 
7Kl/^ 2 2 O***— f 7-^"C«9are> 
tU RNATi:J:^7Kl/X2^7Kl/^22 O^ft 

£*l4o 

[0 0 2 1] h 4 P P P > U >^*3pJJHL 
T*- /^0«Hll[*PPP*«LTSTda9, PP 
PEI*ft^5tS:**(iCf RI^OigfE^i: 9 ^ 

<7)PP PBilft^BBaHHB^^OP P P@«2-e*^i t 
*nMES*L*o Lt> iOBB«IHBOP PPHj||2^ 
tt»ttK7 KV*3 0 1^#J v^TfefrTV^^T^ R 
NATtc J: 19 h 4 (D¥?*oT YVTs 1 1 3 

0 1 £-9— h7-*lcj3V>TjE*$fL4£fcfc 
&4 0 ^^f5W-;^:iSt^^> fiJffii-^PP 
P Eifta* BBS»B BOPPPi»lt**u fc'* f BIE £ 
*U PPPMl fcJB*3tL*:7 1 1-3 
5 0 3^fe3Rlffl**Lrv»arv^T KV-XrtTftMfc:*;* > 5 \z 

mvmxhti&o 7KW3 1 i#m*)Mxb 

tlX^& 0 > 5*&-9— a^O-^*-? Hi> RNA 
<fc 19 > 5<7)ftor 2 2 K2*LT7 Kl/^ 

3 1 1 ^t^&Zil&o 

[0 0 2 2] ifc. »«Bfe*C»3feSfLfcServerOTK^ 
X /^fllO* ? h 7-^ frw isv^r Server St 

f:7Kl/^^«^T% PS*iAt:iLTIi 
Server?) 7 0**7 Klx* 1 HttflBt^H 

LTteServer<£>7 KI^ 1 5 0 **T Kl/^ 1 

■9— b *9> •Bfl9fcl£4>'9— /tfci 

■fJ««*l#tt^-tr^«ft*T«riS»c-J-*o +BU Serv 

[0 0 2 3] Root-side NATte. <IC9 7 KV^^WJtB 

ServerOWWW Server > 8 0) SrfllMl"* 

h 1 co^? H1RNATKJ: f)-H3 ^^~r 

1 ^^-/^O^y K @3 B tt-9— ^fc** h 
[0 0 2 4] of 19. Root-side NAT te3obfZ> 7 
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l/*£Hfcj5V>TServerOT¥ft Ltv^^ y > y-^co 
T Kl/^», N e t BJi-9— AflJO* ? h 7-^(7)7 F 

*fca&fc*tf>T*4 0 Sfc, B5KS-i-J:dK*(Bi*IPl 

-?t:»«uv^4P p p mmz&mzm *) mxh 
*u jsmoshhu mmiizm*) mx btix^z&mtfn 

e>4<&ofc»-fr£. ^J£LTv*4PPPEIiiafc»LT 

10 *)mxbfitz£mi$, m*)mxmi<zt*<7)FPFmmzm 

9aTt^fIt^iJ:t, b£ii-gU&PPP 

NMKM«<¥ Offl * S 4 o »t * * 

ffl*s*tfcr kkx t#>*iti6#W4 r t * 3 >/n°^ v 

3 > (Compaction) #ffl^«tC^V^T#J *9 ffi?> tl 

tzServer<DT Kl^^ /tfljO* ^ h 7-^^iott4 

t-^07 KV-XJCjEJfti-4i (Merge) kJft 

20 t^rti:t^ 0 4^, ®Compaction^ti^*tcft| 
«^ti/:7 Kl^-X*feffOH«*IOif^P P PB1«* 
SrH2A, B«r#MLT|iaiL. *OH«IH^j3tt 4» 
*<7)T KV^^SEJfti-4o ^Merge SEJfeJi it Compact ion 
fc»*6»fc*L4 ^OH*iBtcJli-4Ji**Ofl|«[* 

*T-^(DT Y\s**mMM\tZ&tf2>*y<-;*<DT KV 
^^S2 A*#flRLT**-r4o fLt, t^r^Mffl^O 

fcr o p p p iaj»*o«go \z i n 4 jg«i ^ p 

30 ^ t x >f * - -> 3 > T K tc±IB«03EJft* 16i: 
^i" J: 9 ifc. fijffi LTv^4-9--/<o#- b# 

4#- h«Hg-^fc«»i-4 0 

[0 0 2 5] iO#BB*JHtttC-^Afc*Lfcr Klx*£H 
tt. W*i-4»**ItcBi-4«|EOtt*tl9aT4ii: 
#T Klx^*fir<?5Ba«aiiT*4*tiBBEStLTV^ 

ffl-e^ih*r4^ tx, m^tLxmmmm<omm^m± 
&mi&Mitzm*) mx t>titzZi<DT vux&mi&K 

L/:^ #H«»I^»LT'9---^tc*v^rf0ffl"CS4# 
-ea«-r 4 -9" - tf * H ^ 
*-X^T>fXi-4it*nirtBk:*4o ^*iS#f^»lf§ 
W (fr- h*M KNAT) Off^i7 Hi hftXTji 
1-o 

|2ji 

»2*W#affl?*t4 5/^7 L AaijStH8tc*i-o Htt 
MA, Btf<ttl<?tlT?<*:A*)--^A 5 ZifrLXJ 
50 h/<&#*fc»jRS*u ifctw^ny- 
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Y/4&mtmmztix\,*&o vnati 

LAN^^*#(B*«IO#PFPHaiKil!ja-C4o J» 

IPJfc^jh^T^-te;**- ^ASli, -9— ^ 
-^^SVNATffii^o7^-b^t-/WNAT 

[0 0 2 6] ^^M, 2, v^"f*tfeBJJ*JBAO 
^XKfel. Zbfrh, H*»A*rjSi"VLAN*Wffl 
f & B# KSRIfli 1" * V L A N t K80 1" £ flWJU « x. tt V L 
AN^^i LTVLAN 1 ~ x&m*)MT btl&o >k 

tTt?xt(K0ST4o h 1 t 3*±, Bl— OPP 
PBUftltf^Sfe-CiStK VLAN^^t tTVLAN 1 
- l#PPPi»l t#J6f**t**tTV^ 0 
h2tt> H*BAOPPPia»2*«fflLTj(f«LTV^ 
5:t*5), VLAN^^kUVLANl-2i t «S 
■t4PPPlHlilfc2^JtJSft*tS*tTV^ 0 RM*K N 
h4, 5ttH*MHBHHi-4*^ h"C*«ik*e>. H 
WSB^^tVLAN^^i LTV L AN 2 - x **« 9 

mi&iWfi$1r2>tztt>K, f 4t:ttVLAN2-2# 
h 5 KliV L AN 2 - 1 A^WDSTkfl&o 
[0 0 2 7] HI 1 0 ItZjjk-tZ 3 fcVNAT«tB***o« 
fVNATWv>TV L AN? ^^#J^ St^lg 

iitfo f LT> ttfV*^? Mi> IEEE802. 10 
^ V L AN#JSO^>f 7 ^ > ^«i£4 Wff^VL A 
NftftcJ: 9 Server tT^OVL AN * ^frdfto^iitf 
ft&o b 4 Server t±> HI lfc^t"*? 

\Z V L A N * glj * <D $m Zftltz® Kmtl <OOS 

VLAN^^WL 1 o<7)OS«t^J:^ ^i"4 0 
o2*9> VL AN 1 -xO*^fcH1-4J6S*?T?;fcft 
CQOSl, VLAN2-xO^^:Ht*Jl!klS:fi : a/c 
#)<7)0 S 2 & i: 1 ^7yV^4>tI|<DO 

S*l6f|s&**£fcfc&*o -9— ? F7-^t: 
£v>T&, VLAN^^tiWy h^ESWfctt 

KWi:HLtf-; m T iiffir' SEife & R *i 4 
v^ 0 icoJ: -9 l^twn;fiv>tVLAN^^ 

»2»W^SE?&ffll*J5JLT^*i-o ** > 1 , 2, 3»iV> 
1*ft6B3:W*BA<£>** YX-Jb&Ztfrb, BMMBA** 
fVLAN^^i LTVLAN l^DStfehio.* 
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K> W— H*IB*feOtllkOPPPH»OT>a:*fL/i» 

^■fTKV^ fcPPPBHHiWJSftW-fto **M fc3 
te. R — OP P PBUl *S>*TiJ»K &*<OTYVA 
^PPPEimi^fi5#tt^tt4o ^^h2t±. 
i«IIA^)PPPM2 *WBLT**tl,"CV**t t* 
6, VLAN^^tUliVLANli^ijattii* 
^\ \2<DT KV* 2**P P P@S2 »Ci*J6#»t* 

10 tt4o 

[0 0 2 8] B«C, WM, 5 liffliMHBfcJR-*-* 

LCVLAN2«^T^Wui K4£o BJttt#iA 
tofcPPP H*fc^ ? >fc SS 1} 
iK1-fca&fc** h^T KV*fcPPP0»fc*»JS#*t 
4 0 ££>*fra\ *^h407Kl/^* ? PPPB»2N 
KI/^^P PPItl K#JSftttfctL* 0 
El 1 2 tc^i-J: o i:iOPPPBillk*^h07Kl/^ 
(DnJBU^ltV L ^ ^m^^fd <OX\ VLAN 
20 i, VLAN2<7)#^i2:LtS)£#frtW^^o # 
VLAN 1 *cBBi-4*tJ6#*tttJ0LTOJ:d 4 
O t 4 & o - <7)W£# *t K * v> T *«f 0«a«F*J & -fr 

4 tiOVNATSMffotv>|,gti:^v^ 

lt> 4 h tea* 

so ppil^^o 

ofcpppiiii^iaajnuty-eiio 

Rfc4 4»^"CO*#«lt?*4o 

40 013 tc^-f i ^4^7 h 7-^iit:*otv^ t*t 
&o HttfflA, B, U«tL?jlT^'t^f-^AS 
1, AS 2, AS3fcJ:Mv*-*y hi:*«*^> 
I SDNW ? 7^*fe^t^U S 4 J: «9 >f 
ytmmztis f7-^»-Kt^ FN 

ATM#i7^-fe^-^R-NATi:J: 9 >f V**- 
♦ ^ h t»«S*tTV^4o ^" KNATt 

i8*«poig1lR-NATK*v^-CJ4H 1 4 H^i~J: ^ 

50 itftt5^kt4«, -9— h^-^KS* 
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fitzfr- KNAT«*ft§*«R-NATi:"#H 
i$,m\tZUfrtlfz7 /US 1, AS 2, AS 3 

k^>Btthv*U>^*r3R|fflLTPPP»*S*t4o 4 
fc, I S DN4 iftfli 1X7^*^*-^ S 4 C« 

h7-^i:4^1R-NATt P P P^tR£ 

[0 0 2 9] hKitmmirzmMMow 

or Kl'-X^H^feB 1 2 teTFi- X 7 \ZT KV^i^ 
«H>«fc*VCV*4o £<ORoot-side N A T<7)«ifg£flJjB 

T\ WtiMAKit^TT KV^-CSfcLT 1 0. 10. 
1. 0t7^7fv^^ 2 5 5. 255. 255. 00 

Bi:^10. 10. 2. 0t7^7hv^^ 2 5 5. 2 
5 5. 2 5 5. OOTKl/^amtffitU £0411* 
6H**IB*6«*ELT< HttMllcHtl 

0. 10. 11. 0tr*^7^^ 2 5 5. 2 5 5. 
2 5 5. 0O7Kl/^aHtffl*U iOSB^tH* 

[0 0 3 0] EBJftiBAfrciS^T. *^MIil0. 0. 

1. 1 3. h 2 & 1 0. 0. 3. 2 (K W/B1-£W 
WW Servers 10. 1. 1. 1 *#J ij ST 6 tltv^ 
it*o HBRKfcJ\ WWW Server ? 
> 7-^ £i3**LTV*T,> WWW Server l±-*J— 7t 
-ffiO* 7 h tC&V^T. 10. 10 0. 10. 1 

*« v) m x h *u mtzhmkvy mm® 

LTt-e7t*ftLtv^ 0 -9— /tflo*? F7-^ 
K&\,*XWtMAlZti-t) i^T btlX^&T VUTs^m 1 
0. 10. 1. 0t7^^T^^ 2 5 5. 2 5 5. 2 
5 5. 0^-9^. 10. 10. 1. 0t^7h^^ 
255. 255. 255. 1 9 2 liPPP@In:, 1 
0. 10. 1. 6 4tn^*77^ 2 5 5. 2 5 5. 
2 5 5. 19 2&. P P fcffl ») MXbtlX^ 

2>o : S^^Hl 0. 10. 1. 12 8tn 

7^x^ 2 5 5. 255. 255. 1 2 8lift65t:P 
PPIIl, 2*6<OM*KJSCT*:/*y h7-^# 

EB«fflAC0SS*A^WWW Server *r«fl§1~ 

8 0 8 OSrHl^AfflO*- J: ^KK 

[0031] ^ *^ H WWW Server Srfjfflt 4 
T^***- /*i (IT, AS1) *6flt2l$*L 

&p p psnm -9 tfcoTv**o fc u a 

S 1 /<1BORoot-side NAT«tl#SAS (JBl 

T> RNAT11) tOBB*CPPPEUH*q»fi:LTV^ 



16 

OBE/!*fC4 < if^HJftJHOfcroP P PEUfc**ttIE 
•T*o i^)*^ Bi^A©PPPEI*i-c*4£i:# 
mwEZti&o >kK, H**HAOPPPEHftiffi^^-y< 
fl!l*y h7-*fc:&V>T*l&ST6tLTV**7 KVX4 

£W*6** h lfcl&fi&fci 0. 10. 1. 15**!*) 
ST5>*L* 0 tU i-CJcPPP0j*lffloSHl#-t-< 
T«fflS*lTV*a»-&\ ASl#PPPOLCP4if* 

TRNATM^iBV^, n4tffAO^ott»(C«Q3 
T*fc*fcJB*S*LTV*A£IB 1 0. 10. 1. 128 
t7^7fv^^ 2 5 5. 255. 255. 1 2 8*6 

m^(D o % msfrtmit ettfto ppp ma* 1 9 a 

T, -?-Otf *6ttKJfc** h 1 tCT FV*«r«lJiST* 

ittc&^o icoB#, ftmaT^aH^ifopppHm 
h*a*D*pppimii^i:a»)ffl**o 

[0 0 3 2] **h2l*. BMMHAfc:i5V*T7 Kl/^# 
10. 0. 3. 2 0"C*9, ASIiRNAT*llli: 

msLZtiz p p ph»2 imm ut-^:git^ 0 
*^ > i**»iK-r*##tra*tc. -^pppt«i 
m~ - o p p p nia**Hi*j« a cst^ppp mm 2 x 

*4"ifc* t BIESii-6o f LT, fB«*HAC0P P PEj» 
2ffli:ffit^^fll0. 10. 1. 6 4t^*^ 
30 v^^ 2 5 5. 255. 255. 1 9 2 *?>«MSjlt 

EU" 1* 2 KMU 10. 10. 1. 100WHI) 

7KU*£W*PPPIB*2fc:*IOST, *oa.B*6 
h 2K«!lS«o KLT, S«L 

**#Ji9ST6ft, RNAT«|gKiftR*7 KVJ*3E» 
8E*te6*L£ 0 

40 [0 0 3 3] ^^M *6WWW Server ^<P«>g\ R 
NATjK«H*v>r^y hOV-*7 Kl'*.* 1 0. 
0 . 1 . 13*610. 10. 1 . 15^, r7r^ 
-ya>7FVX^10. 1. 1. 1*6 10. 10 
0. 10. l^^^t^o $tz, WWW Server *5pJ 
J3lh£ -9— h#^-8 0 fc** h 1 \±m 

fflS**mi-*\ RNATSit^rH«»AffiOt 
-H^^$|jftLTV^^-/^co?K- Y^-wS 0 8 0 
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[0 0 3 4] iBKWWW Server frh&AY l^<D/*fr 

^Ht tts^ta *-isa yr YVAi 1 0. 10. 

1. 1 5HB*HACmwHT**£itA 

&££fc£t&S!JU 7K^*10. 0. 1. 13^t 

ABl*fey^rKi/^tio. ioo. 10. i*e> 

10. 1. 1. l^**T*o 8 
0 8 0 >**3£oT£ fc^y h ^Jg^SttTV^ 

< flWJUc *9 4PPP BHI-C** HWWB AO P P P 

[0 0 3 5] PB*ilHBO»^twOV^ra-^*o 
HttflB tcisv^T. f 3 1 0 . 0. 1. 3 0,* 

* 1*4 1*10. 0. 1. 1 4. mM-ti WWW Server 
KIO. 10. 15. 1 tiOSTO^tt&o HIS 
t:tt,-WWW Server 14-9— -XfllO* ? h7-^i:fi* 
tLTV^T. :<7)WWW Server litffifcElSk ^-^#JJ^ 
*y f7-*fci3V*t\ 10. 10 0. 10. ltf*#J») 
itttitv^o -9— ^«0*y h 7-^ KJsv^T. M 

j**BH«ijsrfe*Lrv^r Kv^amii, 10. 1 

0. 2. 0f7^7f^^ 2 5 5. 2 5 5. 2 5 5. 
0-e&*K WSBfl^ SH*a#**RNATIMItCIl: 
SfPPP*jR't&*Offl*>ff*>*LT*>)^ -fcofcfcfc. 1 
0. 10.2. 64. 2 5 5. 2 5 

5. 2 5 5. 1 9 2^B*-?-tt?>0/c^t:itU # 
PPPHJHlk l»l*«6fc7 FV^^fKjt:ffl^IoT 

i^o p p PH*»2ja»* t «**?>KSjai2:**L 

fcPPPEIifcfcU PPPi»2t:i±, 10. 10. 

2. 6 siMMfja-cfettrui)^ «o«a-t-*pppia 

AS 2*fe*2lS*L-6PPPiajHllfli^ttl 0. 10. 
2. 0f7^nv^^ 2 5 5. 2 5 5. 2 5 5. 1 9 

fc*L*o JS^O^IWl 0. 10. 2. 12 8t7'^^f 
7^n 5 5. 255. 255. 1 2 8 >9 ST^t 
ftiUPP PBil»l*^OR*^i&CT»fl9tw*(|ljS 

[0 0 3 6] *^ h 3ttAS 2 tci IJfl|2:S*LTV^4P 
PPBHBL1 SrflfflLTKJKLTV^OT, S»IAO* 

* h l*2<£*#tra#K, fiJlLtv^PPPIII^ 
HJtffiBCDP P Pill -C*4it39*ttK5*L4 It 
Wfc«9M5"Cfctifc£IHl 0. 10. 2. o 

7^^ 2 5 5. 255. 255. 1 9 2 fcfltffl S tlX^ 

&fc<£>£#J^JI&o b 3 fctiU— h 

7-*Ki3V>t\ 10. 10. 2. 10i*W*>ST^*L 
So **b4t±. 4% #»lLT;&i?*#IJ<9AS 4fc* 
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BfU PPP yv^tWiURNATWKJt 

LtllPPP@Miiti)o toWSfifK:. PPP 
GMbPHttM BOPPPi^tiSit 4*RK S fr> 
P P P 0*612 ttHH»K7 ofil^^T^ttTiS 
*K u^)«tiift^iT^tLTV^7 Fl'* 1 0. 1 
0. 2. 6 5#** h 40T KV*fcft4o WW 
W Server <DT Y VTs A^Mi W C-Cfc&o 

fctt#- hff 8 0 8 1 36*W«9ST ibtLTV^o 
10 [0 0 3 7] *iH<7}** h*??WWW Server h 
Sf 8 0) ^JHSB$fc«\ *^H, 2«^^i 
\zm 1 4 fc*1-3afe*4iffcJ: fj RNAT*«fci3V> 
T\ ✓ b<0#oy ~^£t^7M *-Va >7 FV 
**#*«*U h»*fcRILT, 8 0H 

H*ftJHBtwJtLT»3feS*tTV^ 8 0 8 llHc^SISti 
So ii:WWW Server b-s.O/N 0 ^ h & . mJ 

*(DPPPHi«i#»tti-a»^K»±^ ^ppph*^ 

7Kl/^i^Mf«M, a«J*PPPII]j|ft 
^<h3H£B£ti£ 0 00*.^ b 3^<*V**-? b<£>«^ 

10. 10. 2. lOmf^-vaVTKl/ 
^tU^x&tLtv^OT, itt^J: f)BBJ*JHBOP 
P P QUI 1 ^» *9 7hT^^ri 

30 [0 0 3 8] HJttil<B** b 5 0*frtB«CHlft 
U IBlAIPIlOftftfcTFV^ffillBOilfja-r^W-KJ: 
lj T Fl'***** b 5 KSiJ^rfctU HI 1 3 KTjrTi: 

5^MLT^ft>^s 0 mm® lmizVktbhtitzV' 

tcHLTtJCJfc^lTfcttJ&o -9— F7-^^?) 

f?a*Dft(H«lH^)Ja«J4P P PEI^ii^l^tLSo 
[0 0 3 9] ZZLX, T KV^ttM*i"*BB*lH*:BiiE 

ftBESttrv^tttcftl), i07 KV-X**KiHI|RSr 

&o oiO, 7F^10. 100. 10. 1 £J#oW 
WW Server J3\ 10. 10. 1. 0^7^^W^^ 
255. 255. 255. 0, 10. 10. 2. 0^7* 
^7h^^ 2 5 5. 255. 255. 0. 10. 1 
0. 11. 0t7^7fv^^ 2 5 5. 2 5 5. 2 5 
5. 0<D&7 YlsX&ftfrhV&ffiOfriVt^-f&Zt 
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£ f Offl t tz T~ 9 T 9 -fe * M r fi ^ T * < , 4-0 CD 

if£lS:5eL"Ci3< £ t TtoSASfc:— J: 
ft HttM IS] * * * v X L * - kf * #H5IT- # 

[0 0 4 0] ^EO*£\ HttlHA, Bi:*J0ittv> io 
h#*8 0 8 0 t 8 0 8 1 KWLtHftLTV^ 

^utr% i^-t-^'i^f - ^ ^ o t i a 
- h#-^8 0 8 8 datiftttv^yn^^^^ 

3feO#- h##8 0 8 0 k 8 0 8 1 tBftLTV^yn 
*H*. W*JHA, BR*#»4LTflt47-*t 
A, B^f-^SSft^it^i^t^r* 

[0 0 4 1] I P*y f7-*r£J:Sa«B#»w« 

I^fti^t^DNS (Domain Name System) -9*-Ai: 

«JH A _tCD DNSt-A2 tglt^v^WWWt*-^^ 
O7K^*S8v^b« 0 HtiA07F^gnt: 
is v^tWWWt -A|:JfLT7K^ #**g *9 S T frT 
DNSf-^2^HtiATiit^t-A 
t:«!)at?>ftfc7Kl/^10. 1. 1. 1***M 
KiSt"o fit, WHS, V — 7sT FV*«:g#0 
3$o 7KW10. 0. 1. 13. -f -f * ^ 5/ a > 
7KV^tt-^0)»07KW10. 1. 1. 1 s x 
^ 7* -f *-va ><0#- h#^8 0 t Lfc/^tf so 
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0. 1. 1. lftOA^y h*AS l^g< J:3^^JEL 
\U AS 1 CBS* i&RftfctfP P PBMl*»StLT-9- 
h 7-*CDRNAT«t6#£^«i TMlSfi 
ho h**t*ofcRNAT«ISft*««« 
y<$r? ^f^f^f *-i/a >T FV.x*g£<Dj#ogE 

10. 1. 1. H^IO. 100. 1 
0. 1 ^kg£j&1-& 0 #CK, V-^7K^(7)10. 
0. 1. 1 3 t^^ttiv^^Ktic^XLfc 

ffiLT< ^BOflOt^lilO. 10. 1. 15«» 
U S h VlTXt J a >c7>*°*- h#-f-8 0 Sr. H 

ttHAffifcfl&arfeitfc*- 0 8 0 irKftS 

k mm Kmmtm t> ti %> Q 

[0 0 4 2] & L> ffifcDNSiJ— A2 «Sl/:V>f 
-A<£>T KV^^a«^tLTV^l/^^ DN Sif- A 
2 te^-Affl* ^ f7-^(7)DNSt-AT^I)DNS 

-frfo*A4ry h J±;v-tM USl ^SSLt 

SofcRNATSIl^ A4ry hOV^iWf^ 
-y 3 >7Fb^WM»:S^lfflt^o 
IT, mm^try b#DNS07K^Pflv>^M^ 

■9-^-y^l^^o DNSf-/qii, »3es*Lfc»«3fc 
cD-9"-/^T Fix** l/X^°>^ t LT^I-To ^Eiom 
tw<O7Kl/^10. 10 0. 10. 1 ^7"- ^ 
t LTS»ai it*o iO!/^#>^yHi, -9— 

t^^>tL-i>o SWo^RNATiilif^T^f 
3>7I:>X10. 10. 1. 6 2 (t-^l*7h7 
-^K*v*THi*ilHAODN S-9--/N* 1 t#65t« 13 S 
XtzT Fl^X) frfeA^ry h**BB*IHAOAS 1 

"cv»*pppbhii ta9a*tf ±v^k*Baou n 

iWPJAtHi-**»KJ: 9 iEU < V-^t^x-f 
y3>7K^^$it^o S uW^#DN 
S01/7#>^9 h"C*»9*^ h<7)T Flx^tiEi- 
f-^tlti^iti/:t-^7 
FVJ^IO. 10 0. 10. 1 *PHi**IAt*v*T*l!J 
3-t5)ftfet-^O7Kl/^'C**10. 1. 1. 1. 

io uJltJtTOofeDNStw^tt, 10. 1. 
1 . 1 *8»Lfcv»i)-;^7 Fl^^t LT^^ 

h 1 iia#o»«kH#fc/t*? h^^imt 

aWSr^fdo 

[0 0 4 3] Aflj^y h 9-^±OTWWt- 
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^-^fil* y h*7- HOT K 

K*4ivCV*4 K^-f h Hfit-fW* 

MAKm-tZ** ft^^o *mWii~2>o -€-LT, EH 
*JBAODNStwfC*4DNSi)"-^2 WLtt 

h 7~^#J*)ST7^T Kl/7 
£\ 10. 10. 1. 62) if^f^-VHVTF 

Y\±*}—s*m<D*y h 7-^ Cfiv^tRN A 

RNATatliWr^f *--5/a VT Kl^^&HttlH 
AOP PPH*1 filttO/t*? h-C**££*j»SUU 
lliA(7)7 Kl/^$H^i V-^^:f7f^ v 3 

[0 0 4 4] f*SWofcDNStwt2 
l*> Wv^teiiribttTV^^^ > 1 tf>KU*jfflA"etf>T K 
1/7,10. 0. 1. 1 3 *VAtf>Xk lt> *9"W?ffl| 

tt-9— h 7"^ORNAT^S* ? §^*9. 4 
fV-^hf^f ^ ^ - v 3 > T K J: 
«9f^^i-^> 0 -e-LT. Z0)s*iry h<DT Kl/7 

Lmm-r & r- * #*>tia, 

*T Hl'J^fcSSJILT, DNSt-/n^I^ 0 i 

*38IB*&»»fcT Ki"**«|iJS-t\ «*9iiTfc7 K 

7KV^10. 10. 1. 1 5tf*W9STe>ftSE*S*l 
££^c&& 0 RNAT*«^«FOjEJJ|*Hil[ 
MS"*"*** h 1 fcBW"*T K^7*-^*r#ftli-*o - 

IT, ia§tL/:7 K^^f^f v a >7 

RNATta^7 Yv^m^m^x 

[0 0 4 5] ^Oi:^:t4^i:tDNSf-^t69a 
Jf^lBT * 9 > BB#0 D N S -9— ^Ki*3E *Jn i * * 

4o 4fc. DNSf^tWfflLtTK^Olfttl 
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[0 0 4 6] BUbfrfc. -9— ->tflO*7 b7-^K*V» 

■c#B«R*^TKv^a!mi*ffl*u #n 

JED! L T * O "9- - ' <«i * & »*^Ott«R«* H 
0it4^)tSi*i^ H «tt * fiift L £ 3 «KH 

h-9--^o***^r«K-r&o hj 
» k«i o a t * t -k v ^ o«i 9 a t pi * * %> - « 

#j fj a -c t k l/^ opiffl a^te-c* ■) * ^ - ^ e y 

»2»ggo*#w 

»l|§.WO*#«C0»^fcra#^. jfe*l;**:fe*A, B 

^<omWu\±, Ml 5CSti^fti©t4oTV^« IP 
*>BBtt*JA, B, U«^7^^^t-AAS1, 
A S 2 , AS 3 KJ: $ >f V kS5*cS*f9"- ^< 

h.7-^J±VNAT«H8#S T^-fe^-9--^*cJ: 

o^Stcis^TJiH 1 6 fc*-^##H#*l<Z>P P Pi* 
#tti:VLAN^mJ0it* o h 1 ^-y^flll 
*y h 7-^±0*- ^SrfUffii-*^ ASUVNA 
30 T«ffiftAS (mT^ VNATgt) tOBKPPPS 

***ft*t*tjfppp»K*«fii'r *o -opppgii 
aiBtosaE^isv^T^ ^(0PPP@ii«iA(7)pp 

PBHftlt?**c:k**BBES*Ll)o PH**BA*^+VN 
AT^/tLTVLANl^UOSt^jiTi^ itt 
itP PPMl *^tfc»Wf*S:Iv^i^PP 
PIUl KJJLTVNAT V LAN ^'^36* 

tij^ST^^^o -tLtcJ;^. H*i(HAOPPPBHli 
■C*££fc*«BlJ-e§£o P P PE«ft 2*«flia: Lfc»# 
tt^ VL AN 1 - 2 i:v>^ i o i:f t*t P P PHIlK 

LAN»df*3Hlffli-*fc»K, IEEE 8 0 2. 1 0ft 

t LTii^Jfc^fcf C0B3*jWOifOP P PEilft-e** 

[0 0 4 7] VNATiffita^OPPPE^iL 
T -9" ->> hy-^K**/^*; h t-M Ult 
H"9 ta%Lfc idKVLAN^^Srafeai*. 
4*^-9— ^^|aa$*L So LT> t-;WiVLA 

so gO«K»ftS**ka*tfdo iOt-z^aVLAN* 
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h 7 — ^ "COT Kl/*0^tet&^i1-&££& 

-tO»ftttPB«**ffi-c*«^SE5E^§ £ J: 3 i:»ot 
is , #H8 • SHi" Z> "r— HVLAN^^J^ta 

O^TV^VLAN^Srflfctygfti^ VLAN^^^ 
hO@S£l5fci: LTiS-SJ^^*«t®-SU^P P P@ 

[0 0 4 8] b 2 f7-^t:gg 
P P Pi»2 SrfMf SOT, £0**h 
2tf*fciJ— F7-^^;^7 MwteliJrao;^ 
ttiW#eVLAN?^#«l)STfeftVLAN 1-2 

n i sr*^LT»f^*»je-r*o-c fuffl-r^pppni 

igtC t-/^^^XM, 2^;^7 MiVLAN 

£>ICV L AN^^fff^St:*^ h l ^(D^srv Y 
ttPPPEHdl^ ^7h2^^y KiPPP@« 

[0 0 4-91 *^>3, 4liBCAS2t^LTt-/t 
hy-^fcgNBLf t &KP P PISl £ 
fljffi LTV^OT, ?IJffltl)VL AN^iriiW CXW L 
AN2-l^«v^ VNAT»ii:-Bv»T^yhi; 

O/**- ^ h fcflfri&o** h 1 kHSKcLTaKDfcP P P 

[0 0 5 0] h 5^<>Rit:, PPP8«lt£ 
!9K9fJKi-&ni*M^nMtM 1 "Cab (J. £*l**p PP I 

tVLAN^m&VLAN3, PPPIiU^t 
V L A N * ^ *C #> & V L A N 3 - 1 ifitt D S T *L & 0 
fit, MfljKOftft^J: fJiEL-< h ^*9~ 

wtmfci3V*T*!Jtt!? 3*l* 0 VLAN^^ 
VLAN3ICHt4»l*t40S*&^ VLAN^ 
WLAN1, VLAN2 LsMMTCg ftv^f- * £ 

■9*tt, tlA, B L #*C§> 

^BOWtftotv^ t * & ©J Rfft § o 

[0 0 5 1] IP*yh7-^ti5iMt:I 
^t^DN S (Domain Name System) if-^fc 

com § -c* & &\ m 2 ^m<o^^-^im^^- 
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dns *-/<*±a*o»*fc m*©3Riffl<^riR-c* 9 . 
mm$K&^x*r-sm<D*y y v-?\z$>& vnat 

P P P»«n*AS^tjEL<;i/-t>f 
[0 0 5 2 ] ^OJ: -9 t~LT, t-^TK^Jf^ 

1 &0-9-- /tfc J: *9 ttftOHMWHKW LT#^rt-;W 

a -9— o«tt**?rt6 k & a 0 

[0 0 5 3] »2»WOK3BK»+**#«*JttT^« 
"To PPPHIjRW^^JR^J&PBWWOBttSrflv^ 
B3«#smfi:-C, P P Pm^Lt^ft-otz^^ry Y<Dmm 
5cT*S** hOT KVXfc£#j£#tt&o ^lOl 
HI 7tC^f J:dfc**VNAT*«**Jjpo£J:fc 
20 $fc#BB*i»HA, B-dtLTVLAN^, V 

LAN 1, VLAN2, -^^#J fj ST h tlT$>Z> 0 
[0 0 5 4] 7 h T7 *- ^ 

M;^^^. ASUVNATSf t^)Hi:PPPBSl 

£OBIE»*KJ:lj VLAN^^VLANIR 
OP P Pill ^fiJ^^T^n-^o f > 1 ^ 

5>^y h#VNAT»It:att4^ VNATg 

0. 0. 1. 1 3 sijry h^StftLTifeP P P 0 

VLAN^^VLANU:i:OIl 7 O V 
LAN 1 \tzm-f& ^<D*miRLs Fcof^f^f^ 
- v a > T KV^ -CafeS 0. 

1. 1 3 Sr^-fcLT&jlfSrfTV^ JttS^J: >) ^(O^ 
v Y *M&mAt<D?$Km±L£titzF P P@»l icii^ 
a*tdTJ:v^r 4:*BI1U VLAN^ ^Sr^fcty ilPP 
PEI^l^i:^»9mi-c -^i:^:Lt, H-OH«» 

40 *?>«8:OP P P BlftWtiSlK:**"?^ ? h 
iSJttofcPPP 0^iE L < /ilr y h i& *) fflf - 

[0 0 5 5] **>2 0»-frtt, BIWHAKJUI"**^ 
h-CabSO-r, h 1 t |W|^H V LAN 1 iPiit) MX 
bti&o LfrL, fOffiLTV^ P P Pii#^7 h 1 t 
*^f2O7KW10. 0. 3. 2 0tt 
PPPH*2^fc*6#tf3*L* 0 ifttifj, 
1 tm»:VLAN 1 1fi>**ry Y KSfeiiStL*^ *9" 
H±i<Oi*J&*KJ: fj % h 2%0 

50 ^ y >tia-ajtcppp[p]^2*rfijfflLT5i^n.^o * 



(14) 



£■2001—1 6255 



25 

XV 3, 4, 5 0»-fr*BM»0*ttKJ: 9 VLAN*^ 
9 ST *>*U WfOTK^kPPP Elitt^ffl «9 
St^Ji, VLAN^^JMt-C»StLT«3a**L4o - 
Wei?), ®«^Kit$ic0®^^PPP[|]^t^ 0 ^^ 

[ 0 0 5 6] *:B1 8*#BLTH1 *OR-NAT 
KB. oS 1>-*M KNAT«IB#ST^-fe-X"9— 

Mo*»««#««iwt*o ««opppBij»»a« 
i i a*s£*t bttp p p isft&ans 1 1 KHtBKW 1 2 a* 

fj-B3*tTv*4 0 P P PBBlfcStORfc^OHlftBO^ w 
OPPPMiT** ^OBBtOTME* 1 2 -CUB S *u 
El 2 B L fc T K VTs « 9 £ T x - 1 3 £#fls L 
t^P P PEilSfeSrflJfflLTPJ^Lfc^^^ v ho*;* h 

^^iHarfeft, *o#B4MHOP P PE«fcW*IH 
1IJ<0 7 KV^i:, fMMSTfc-9— h 7-^7 
Kl^fcOfcHS* (SE*^) 14**ftt>*t*o PPPE 
BAaffil n:***^^^^ f^OPPP 
E***fltfi:LTv>tttf. ^ss*itp pp@«i;ii 

-f-4J«B*l 4 4r#HHLT, fO/^y >©7KV^i: 20 

-✓*B*? h7-^S6Wo '*B*? f7-^ 

ILT, B*BBtM*#LfcT KV^^K*i-*fc**- 
if <DmWm<D b*(D? P P E«l#>4:4n «5 > itJoi" 4 PPP 

siiHi&affi ii^ppp ®*^*mi"4o 

[0 0 5 7] £OR-NAT*BK*V»TBH#B*e>'< 
fc*H-4feaW:H 1 9 K^rfJ: 0 tc&4o iff 
tiKDsitrv P P P HBSSBJ?**** 

4***pppiaiswaa»i ltp^tft (si) , ti 30 

R*T**Hf ifOH«*HO^P P PH*ft*e>OK*T 
*4**BBEL (S2) > P P PBI»*ai2:1-4 (S 
3) o 

[0 0 5 8] £0#»T*OPPPHB*fflJBLfc** 
(S4) , ;^^#a*ti 
*OB*»fcV-*TKV*fcJ:9»JS*14*« 
*L (S5)\ WJEBi-4t>0#*tt*tlf, W)-7l> 
OTKWWU 7Kl/^l^itT-7>13l:# 
BgLTt-^l*^ YV~?<DT K ST. - 

*i&a>M«*«E»i 4 izw&tf (s 6) o 40 

f tcov^T-f-OT KV^TStJEatl 4 ^MU 7 KV 
(S7) o ^O^KPJ*1-4>^y >ttPPPB 

B;^£$*tTv*4*$>, ^fy7 o s4^'; m#*> 

o*4»^W: (S5) . (SEJfcSE) 14Kfcio* 

< r 'Ki/^sesitsoT-9— 'tB** h^-^^inm-r 

4 (S7) olo^^v^fi, ±iaoJ:d^TKV 
^«ljaT»JS*l 4 «rftjSi-*o 
[0 0 5 9] *CB8tOVNAT*l (VNATMfg 50 
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1811, CttKftB-r 4BEB1 2#»it6*t. PP 

p 0^562:p#^, iroH«»Ho ifoppp mt^^sii 

3tU *OPPPiMii:iiBI9CSti?4VLAN? 
^r-^V2 l KJ: ^o»«»30-e<DP P PEBfctt 
fcLfcVLAN*^*TO>)MiT&it4o *OPPPB» 
tlCTil*Lfc^f hfcttU bSE»»2 2 

T\ ^OPPPEBKWijaTfeitfcVLAN^^W 
#n£ftT, -9— >*B*? > 7-*^aittJ&*L4o 
[0 0 6 0] iJ— /<B*? Y V - ? frbm^Ltz^'r y 

LAN^^f-7>2 1 SrtttRU »J&i"4 P P PUB 
VLAN^^^i*ltMt^o ^OVNATt 
Bfcfi**4MJ*B*fcO^'Jry Hc*t1-4#kateEI2 l 

P P P HBSfBR**** 9 (Si) > iroHJMHHo 
^OPP P 0*^^051*^*4*0811*^ (S 
2) , PPPi»t«it4 (S3) o 
[0 0 6 1 ] -tofc. *OB;£LfcPPPIB*fc'**-* 
h^PJ5&1~4t (S4) . --e-OBBJtBO-tOP P PBU 
tVLAN^*t-7>2 1 *ft*LTtatl>VLA 
N^7«Ul (S5) , t*L*/^* bSMft»2 2T 

Mcfi&#-9-w<B*? h7-^^^l4 (S 
6) o VLAN^^IT, PPPB«*KB0i-4#* 
fcfflw&w H l 2 «B 1 7 ilffiLTKW Lfc»*i: 
£v*Ti±VN AT^MtilU 2 O^VLAN^f-/ 
;V2 l#Ea«ifcVLAN^^tWJS*^t^i4 
9, 3E^H2 0*^Sft»T^^d^PPPiaa**5t^ 
S*U aatrVLAN^* r *»ft*4t. Ill 2X14 HI 
7t:^t<l:9^, -tOVLAN^^k-f-OPPPBIB 

B*3S"t"»J6<E2 3*ft*i"4o if- /*B*? 

Mi. WLAN^^ (r^x 
^-V3» T KV^iita «9#JSa6 2 3 *r#BLT 
✓<c-jr ? h gEjfeffi 2 2t ifoB*lHo t^PPP E*ft/x 
VLAN^tRiU^^ h*afe4**ft3e"f 4 0 

[0 0 6 2] HI 2 1 \,Z7r;Ltzt8km.K$5\'*XlL Xf-y? 
S 6<Dit*) P«»t?/7t J: "9 ^VL AN^^^Sii^it 
Bt&i*CVLAN?^k, i»lf:PPPIl]ftt 

(y-^) r KV*ko»lS**ft*+4£ fcKftO, 
*oBttRW»-C*4 0 ±a-Ct±BBB*MI!IWoa«^^ 
OftWtUSL^ «iSc^L-^f«^^ F7-^^t- 
^MPJJ ^7h7-^t oa« Of&0^ Mfflr^o 

[0 0 6 3] 

iOS&WTtt. PPP*«Kt*l*B* 
»i*t-^flo*^ u(/)PPPg 
BBfill*CjlfBi-4B«IPIi: P P PHBS#*BIEi"4 
i t tcj: »K HJWH#ttKB , )aTfcT K^^W^J: 
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ffi ^ t ^ ^ v > ^'f - i ^ 0 £ 

S P (Internet Service Provider ) :Wo 
tv^VPN (Virtual Private Network)-^- \£ -X Off 

i%My°yy h y Lto««^ 
[HSTOftillftfUB] 

[Hi] HI§i*l«Uy^tA«M^t 

Ho 

[12) AttHl*OR-NATKl**t*TKV^JE* 
2b /E> 0 

[H3] ^^M i:o^TO^°l v h (OSElfcoa^tTF 
tHo 
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* [0 5] H**H«9aTfe*Lfe*9 fy-^TFV^ 
[H 6 ] s*4r-y Y \z&ty%> T K Vx^i^^^f 

So 

[B 7] *l»W^fi^S«fc^«F«OH«t^H 0 
[18] *2*BtlflLft^fA©i««*^t 
Bio 

[119] VLAN^yollOStflt^tHo 
[110] bKj*i-4»ft*Si- 

Ho 

[Hll] VNAT^^*WfflLfc*- /<rto«ftft*» 
1~Ho 

[Ell 2] »23&WKli5tt& VLAN^^O*j-JSWtO 

[HI 3] *l»WO*#«^*»t-6^-rA*^-t 

[SI 4] Ell 2 *<7)R-NATMW7 Kl^^#J*9 

[Hi 5] »2»Wo*#«tc*Jt&y^7-A*3Si- 
Ho 

[HI 6] HI 5tOVNAT*Ii:fi»t4VLAN^ 

mm*) mxm*mirmo 

[HI 7] H 2 §&BM<D%£Mte&ty2>V LAN^^tTK 

[HI 8]- R-NAT^M^«a&«fg*^^^-rHo 
[HI 9] 'R-NATItllKifiWi^ao-WtSi-a 

tLHo 

[120] V - N A T«^)«*Mi««:^t 8o 
[12 1] V-NAT»*JC*ft*»ao--««rjS1-a 

tLHo 

[H2 2] t£*OP P P h >*'J >»y^f^^ 
/Kl"Ho 

[123] ffi*ONATi:i*8I<Oy^f A*/^t 
Ho 
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